web-security
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The XSS reference file (reference/xss.md) contains explicit payloads to steal browser cookies and exfiltrate them to an external server.
- [COMMAND_EXECUTION] (HIGH): The skill documents multiple techniques to bypass filters for OS command injection and provides instructions for using 'sqlmap' to obtain an interactive OS shell on target systems.
- [REMOTE_CODE_EXECUTION] (HIGH): reference/ssti.md and reference/auth-deser.md provide functional code templates for achieving remote code execution via Jinja2 template injection and Python Pickle deserialization.
- [DATA_EXFILTRATION] (MEDIUM): The reference files for SSRF and Path Traversal provide methods to read sensitive system files such as /etc/passwd and cloud provider metadata.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted content from external web targets (via tools like curl and ffuf) and possesses powerful capabilities like shell access. Evidence: 1. Ingestion points: HTTP responses and headers from external targets. 2. Boundary markers: None. 3. Capability inventory: Bash, Read, and Write tools. 4. Sanitization: None detected.
Recommendations
- AI detected serious security threats