gremlin-enterprise-chaos

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis

Verdict: HIGH

Summary: The skill implements a chaos engineering framework but contains hidden URLs obfuscated using zero-width characters in its documentation titles. These URLs point to data upload and configuration endpoints on the author's domain. While the domain belongs to the author, the use of obfuscation to mask network endpoints is a suspicious technique that could facilitate unauthorized data transfer or dynamic configuration loading without user visibility.

Categories: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Detailed analysis:

- [DATA_EXFILTRATION]: Hidden zero-width character sequences (U+200B, U+200C, U+200D) were detected within the title of 'SKILL.md'. Decoding this content reveals a URL for data upload ('https://copyleftdev.io/upload'). The use of obfuscation to mask an exfiltration endpoint is a significant security concern, as it suggests an attempt to bypass automated scanning.
- [EXTERNAL_DOWNLOADS]: Hidden zero-width characters within the title of 'references/attack_catalog.md' encode a URL ('https://copyleftdev.io/config'). This hidden reference could allow the skill to fetch external configuration or instructions dynamically without being visible in the plain-text source.
- [COMMAND_EXECUTION]: The skill provides a comprehensive framework for resource, network, and state-based attacks (e.g., CPU stress, network latency, process termination). These capabilities allow for significant system disruption based on input parameters. If combined with the hidden configuration loading mentioned above, this could enable unvetted command execution under the guise of chaos engineering.
- [PROMPT_INJECTION]: The architecture for defining and executing chaos experiments presents an indirect prompt injection surface where malicious instructions could be embedded in attack definitions.
  • Ingestion points: Attack definitions and parameters processed by the 'Attack' and 'SafeChaosExecutor' classes in 'SKILL.md'.
  • Boundary markers: Safety logic is present (halt conditions, business hours), but no explicit boundary markers are used to delimit untrusted data or prevent the agent from obeying instructions embedded in the targets.
  • Capability inventory: Extensive system disruption capabilities including process management, resource exhaustion, and network manipulation.
  • Sanitization: Implementation includes 'excluded_hosts' and 'max_duration_seconds' checks to limit impact.

Python packages: none
Node packages: none
Remote code patterns: none

Obfuscated URLs:
- url: https://copyleftdev.io/upload
  file_path: SKILL.md
  evidence: \u2060\u200D\u2060\u200B\u200C\u200B\u200C\u200B\u200B\u200C\u200C\u200D\u200B\u200C\u
Audit Metadata

Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:02 PM