ctf-solver
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Dynamic Execution (HIGH): The skill's primary methodology involves writing and executing Python scripts based on untrusted external inputs such as challenge descriptions and source code. This 'code-from-data' pattern is a significant risk for arbitrary code execution if the input is crafted to manipulate the agent's logic.
- Indirect Prompt Injection (LOW):
  - Ingestion points: Untrusted CTF challenge descriptions, source code, and environment endpoints are ingested for analysis.
  - Boundary markers: Absent; there are no instructions to use delimiters or to treat the challenge data as untrusted.
  - Capability inventory: The agent possesses Bash access, file Read/Write capabilities, and Network access.
  - Sanitization: Absent; the skill contains no requirements for validating or sanitizing external input before processing or using it to generate exploits.
- Data Exfiltration (LOW): The combination of network access and file read permissions allows for the potential exfiltration of sensitive local data if the agent's logic is subverted by malicious challenge content.
Recommendations
- AI detected serious security threats
Audit Metadata