Skills
skills/kiwamizamurai/cctf/writeup-generator/Gen Agent Trust Hub

writeup-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface by ingesting untrusted data while holding high-privilege capabilities.\n
  • Ingestion points: The instructions direct the agent to read solve.py, files in the dist/ directory, and notes/debug output in the work/ directory.\n
  • Capability inventory: The skill is granted access to the Bash, Write, Edit, and Read tools via the YAML frontmatter.\n
  • Boundary markers: Absent. There are no instructions to delimit untrusted file content or to ignore embedded instructions within those files.\n
  • Sanitization: Absent. The skill does not provide any mechanism to sanitize or validate the content of the files before the agent processes them.\n
  • Impact: An attacker could place malicious instructions in a challenge's README or a comment in a solution script that the agent would then execute using the Bash tool.\n- Command Execution (HIGH): The skill is explicitly granted Bash access.\n
  • Evidence: The allowed-tools section includes Bash, which permits arbitrary code execution. This is a significant risk when the skill is also instructed to parse and act upon external, untrusted content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:18 PM