john
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill directs the agent to access and read /etc/shadow, a highly sensitive system file containing password hashes for users. Reading this file is a primary step in credential theft or unauthorized privilege discovery.
- [COMMAND_EXECUTION]: The skill relies on executing multiple powerful shell commands such as unshadow, john, and various archive tools (zip2john, rar2john, pdf2john). It also executes local bash scripts (scripts/john/*.sh) to automate these cracking processes.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by interpolating untrusted data into command-line arguments. * Ingestion points: User-provided values for , , and wordlist files are used directly in shell commands. * Boundary markers: There are no explicit boundary markers or instructions telling the agent to treat the contents of these inputs as data rather than instructions. * Capability inventory: The skill has extensive capabilities including subprocess execution, system file access, and network-independent command execution. * Sanitization: The provided instructions do not include any sanitization, escaping, or validation logic for the user-supplied strings before they are passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata