shellerator

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the 'shellerator' package using pip install shellerator. This fetches code from the PyPI registry that is not from a predefined trusted vendor.
  • [COMMAND_EXECUTION]: The skill is centered around executing the shellerator CLI tool to generate functional shell payloads (e.g., bash, powershell, python). This capability is primarily used for exploitation and post-exploitation activities.
  • [INDIRECT_PROMPT_INJECTION]: The skill accepts user-supplied parameters (IP addresses, ports, and languages) to generate executable shell code, creating a potential surface for injection if the agent executes the output or if the parameters are not validated.
    • Ingestion points: User-supplied arguments for --ip, --port, and --l parameters in SKILL.md.
    • Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions embedded in user-provided data.
    • Capability inventory: The skill utilizes pip for installation and executes shell-generation commands via the CLI.
    • Sanitization: No sanitization or validation logic for the user-provided network parameters or language choices is documented.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 06:12 PM