skills/mukul975/anthropic-cybersecurity-skills/exploiting-api-injection-vulnerabilities/Gen Agent Trust Hub
exploiting-api-injection-vulnerabilities
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a functional Python agent (scripts/agent.py) and specific instructions in SKILL.md to automate the execution of OS commands on remote servers through command injection payloads.
- [DATA_EXFILTRATION]: SKILL.md contains an explicit payload designed to exfiltrate system data (the current user name) to an external server controlled by an attacker.
- [REMOTE_CODE_EXECUTION]: The skill's core functionality is to achieve Remote Code Execution (RCE) on target backend systems via various injection vectors, including OS command injection and SQL injection.
- [EXTERNAL_DOWNLOADS]: The script scripts/agent.py communicates with external URLs and disables SSL certificate verification, increasing the risk of man-in-the-middle attacks during the scanning process.