netcat
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing various system utilities including nc, bash, tar, gzip, and mkfifo for network operations.
- [REMOTE_CODE_EXECUTION]: The skill contains explicit command templates for setting up reverse shells and bind shells (e.g., nc -e /bin/bash or shell piping with mkfifo). These patterns enable arbitrary remote command execution on the host system.
- [DATA_EXFILTRATION]: Instructions are provided for transferring files and directories to remote targets using redirection and pipes (e.g., nc < file.txt), creating a path for unauthorized data removal.
- [PROMPT_INJECTION]: The skill implements network listeners that receive data from untrusted external sources.
- Ingestion points: Commands like nc -l allow the agent to receive arbitrary data from the network into files or pipes.
- Boundary markers: No boundary markers or ignore instructions delimiters are specified for handling received data.
- Capability inventory: The skill utilizes bash, sh, and nc to execute shell commands and manage network connections.
- Sanitization: No sanitization, escaping, or validation of data received over the network is performed.
Recommendations
- AI detected serious security threats
Audit Metadata