pentest-exploit-execution-payload-control
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The activation triggers such as 'weaponize', 'build exploit', and 'payload' can be used to steer an AI agent toward restricted offensive behaviors. These instructions could be leveraged to bypass standard AI safety constraints by framing the request as a legitimate security assessment.
- COMMAND_EXECUTION (LOW): The skill instructs the agent to 'Produce reproducible commands' and develop 'payload strategies' based on user-provided primitives. This poses a risk of generating and potentially executing harmful shell commands if the agent is linked to a terminal.
- INDIRECT PROMPT INJECTION (LOW): The skill is designed to process untrusted exploit implementations.
  1. Ingestion points: Processes exploit implementation details and payload hardening logic provided in prompts (SKILL.md).
  2. Boundary markers: Absent; there are no instructions to use delimiters or to ignore embedded instructions within the ingested exploit primitives.
  3. Capability inventory: The skill explicitly directs the generation of reproducible commands and post-exploitation proof (SKILL.md).
  4. Sanitization: Absent; the instructions do not require the agent to validate, sanitize, or escape the content of the security primitives it processes.
Audit Metadata