write-exploit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill grants the agent Bash and Task capabilities to run Python scripts it generates locally. This allows for arbitrary command execution on the host environment during the testing phase of the development loop.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill is designed to generate scripts that connect to remote hosts and send payloads. This capability, combined with the processing of external target data, provides a mechanism for remote exploitation and potential exfiltration of local system information.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core workflow. 1. Ingestion points: Target descriptions in $ARGUMENTS and external challenge files read via WebFetch or Read. 2. Boundary markers: Completely absent; the agent is not instructed to ignore commands embedded in data. 3. Capability inventory: Full read/write/execute/network access via Bash, Task, Write, and WebFetch. 4. Sanitization: None; external content is used directly to guide script generation and execution.
Recommendations
- AI detected serious security threats
Audit Metadata