ssrf-testing
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Automated bash scripts provided in `SKILL.md` and `references/payloads.md` use `curl` in loops to perform network scanning and parameter probing on target environments.
- [DATA_EXFILTRATION]: The skill includes payloads and instructions to retrieve sensitive local files (e.g., `/etc/passwd`) and cloud metadata (AWS/GCP/Azure IAM credentials) and transmit them to external Out-of-Band (OOB) servers like `oast.fun`.
- [EXTERNAL_DOWNLOADS]: The `SKILL.md` file recommends downloading and installing tools from untrusted GitHub repositories: `swisskyrepo/SSRFmap` and `tarunkant/Gopherus`, which are not part of the trusted vendor list.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by ingesting untrusted data from user-supplied URLs and remote application responses without boundary markers. Ingestion points: user-supplied parameters in `SKILL.md`. Boundary markers: absent. Capability inventory: subprocess calls to `curl` in loops. Sanitization: absent in provided test scripts.
Recommendations
- AI detected serious security threats
Audit Metadata