solve-challenge
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill uses the Bash tool to execute arbitrary shell commands. This is a high-risk capability that is necessary for the CTF use case but susceptible to manipulation. Additionally, it dynamically constructs file paths (e.g., '.agents/skills/ctf-/SKILL.md') which could lead to path traversal if the category is not validated.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from $ARGUMENTS and WebFetch without sanitization. Evidence: (1) Ingestion points: $ARGUMENTS, WebFetch, and files read locally; (2) Boundary markers: None; (3) Capability inventory: Bash, Write, and WebFetch; (4) Sanitization: None.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's startup sequence explicitly directs the agent to 'Fetch everything' from remote URLs and services, which may contain malicious content.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill instructions suggest a workflow of writing and executing scripts (e.g., solve.py) based on the analysis of external, potentially malicious, challenge files.
Audit Metadata