ctf-stego
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill provides numerous Python snippets and Bash commands (e.g.,
binwalk,exiftool,tshark) for analyzing and manipulating binary files. While these are necessary for steganography, they represent a significant execution surface for the agent. - [EXTERNAL_DOWNLOADS] (MEDIUM): Includes instructions to install several third-party Python packages (
stegano,sstv,morse-audio-decoder) and references external system tools. This introduces a supply chain risk if the host environment is not isolated. - [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection. The skill is designed to extract hidden text from untrusted media files (images, audio, text). If the extracted content contains malicious instructions, they could influence the agent's subsequent actions.
- Ingestion points: Processes user-provided images, audio files, and network captures.
- Boundary markers: None present in the provided snippets to distinguish between extracted data and instructions.
- Capability inventory: Has access to
Bash,Write,Edit, andTasktools, which could be abused if an injection is successful. - Sanitization: No explicit sanitization or validation of extracted content is shown before it is potentially printed or processed further.
Audit Metadata