crack
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating the $ARGUMENTS variable (e.g., 'bash scripts/hashcat/crack-ntlm-hashes.sh $ARGUMENTS'). This pattern allows for arbitrary command execution if a user provides input containing shell metacharacters such as semicolons, pipes, or backticks.
- [DATA_EXFILTRATION]: The workflow explicitly attempts to access and process highly sensitive system files, specifically /etc/shadow and /etc/passwd (Step 4). Accessing these files exposes system-level authentication data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external files (hashes) and tool outputs without sanitization.
- Ingestion points: User-provided hash files or strings via $ARGUMENTS.
- Boundary markers: None present to distinguish between data and instructions.
- Capability inventory: Shell execution (bash, john, hashcat) and file system read/write access.
- Sanitization: No evidence of input validation, escaping, or output filtering before data is processed or displayed.
Recommendations
- AI detected serious security threats
Audit Metadata