bug-bounty

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: CRITICAL
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: tools/recon_engine.sh pipes the body of a network request to the certificate transparency log crt.sh straight into the python3 interpreter, without parsing or validating it. The HTTP response is executed as a Python program, so whoever controls that response (the crt.sh operator, an attacker who has compromised it, or anyone able to substitute the response) can run arbitrary code on the user's machine with the privileges of the user running the script, who, given the sudo calls in the same script, is likely a user with sudo rights.
  • [COMMAND_EXECUTION]: install_tools.sh and tools/recon_engine.sh invoke sudo to perform privileged operations, such as moving downloaded binaries into protected system directories. Any defect or injected input in those scripts therefore runs as root, and the skill acquires far more privilege than a reconnaissance tool needs.
  • [PROMPT_INJECTION]: The skill ships prompt injection tooling. tools/sneaky_bits.py and tools/hai_payload_builder.py generate 'invisible' injection payloads from Unicode format characters (U+2062 INVISIBLE TIMES and U+2064 INVISIBLE PLUS), which render as nothing in most viewers but are still tokenized by a model, so instructions can be smuggled past LLM guardrails and past human review. They are presented as tools for the user to aim at targets, but their presence in the skill's own directory tree means any agent that reads, summarizes or indexes this skill is itself handling injection payloads.
  • [CREDENTIALS_UNSAFE]: tools/credential_store.py loads authentication tokens, cookies and API keys from .env files into one place. It attempts to mask those values when logging, but memory/audit_log.py records every requested URL, and URLs routinely carry tokens in query strings, paths or fragments, so secrets can reach the audit log unmasked. Centralizing the secrets also makes that one module the obvious target for any compromised code path in the skill.
  • [REMOTE_CODE_EXECUTION]: install_tools.sh fetches a shell script from a remote URL and executes it to install Homebrew. Homebrew is well known, but the script is pulled from the HEAD of its repository and run without a pinned revision, checksum or signature check, so whatever that URL serves at install time is executed; there is no way to verify beforehand what will run.
  • [DATA_EXFILTRATION]: The skill's primary function is crawling and extracting data from external websites and APIs. agent.py and tools/recon_engine.sh ingest large volumes of untrusted web content and feed it to local LLMs or scripts, so any page or API response can carry indirect prompt injection aimed at the agent, and an injected instruction can direct the same tooling to send the collected data, or the secrets held by the credential store, to an attacker-controlled endpoint.
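The first finding above, as an added example that is not code from the audited skill: the `curl crt.sh | python3` pattern is reproduced in-process with exec() so its effect can be seen, and placed beside a handler that treats the response as data (parse as JSON, validate every hostname, confine results to the target scope) and a builder that validates the target before it is interpolated into the crt.sh URL. All responses and the function names are constructed for this example.

```python
# Added example (not code from the audited skill): the `curl crt.sh | python3` pattern
# flagged in the audit, executed in-process with exec() to show what it does, beside a
# handler that treats the response as data. All responses below are constructed samples.
import json
import re
from urllib.parse import quote

# Strict public-hostname check: labels of [a-z0-9-], no leading/trailing '-', alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# Constructed sample of a normal crt.sh JSON response (two certificate rows).
BENIGN_RESPONSE = json.dumps([
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com\n*.example.com"},
    {"issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "api.example.com"},
])

# Constructed sample of a tampered response that is still JSON: a shell-metacharacter
# "hostname" and an out-of-scope host are smuggled into name_value.
TAMPERED_RESPONSE = json.dumps([
    {"issuer_name": "CN=whatever",
     "name_value": "evil.example.com; rm -rf /\nattacker.net\nok.example.com"},
])

# Constructed sample of a response that is not JSON at all but valid Python.
# A real payload would do something other than append to a list.
MALICIOUS_RESPONSE = "SINK.append('attacker code ran')\n"


def unsafe_handle(body: str) -> list:
    """In-process equivalent of piping the response into python3: the body is the program."""
    sink = []
    exec(body, {"SINK": sink})  # deliberately unsafe, for demonstration only
    return sink


def build_query_url(target: str) -> str:
    """Validate the target before it is interpolated into the crt.sh URL (and a curl command line)."""
    target = target.strip().lower()
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"refusing to query crt.sh for malformed target {target!r}")
    return f"https://crt.sh/?q=%25.{quote(target, safe='')}&output=json"


def safe_handle(body: str, target: str) -> set[str]:
    """Parse the response as JSON data and keep only well-formed hostnames inside the target scope."""
    try:
        records = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"crt.sh response is not JSON: {exc}") from None
    if not isinstance(records, list):
        raise ValueError("crt.sh response is not a JSON array")

    target = target.lower()
    hosts: set[str] = set()
    for rec in records:
        if not isinstance(rec, dict):
            continue  # ignore anything that is not a certificate row
        for name in str(rec.get("name_value", "")).splitlines():
            name = name.strip().lower().removeprefix("*.")  # wildcard entry -> apex name
            if HOSTNAME_RE.fullmatch(name) and (name == target or name.endswith("." + target)):
                hosts.add(name)
    return hosts


if __name__ == "__main__":
    print(unsafe_handle(MALICIOUS_RESPONSE))                     # ['attacker code ran']
    print(unsafe_handle(BENIGN_RESPONSE))                        # [] - looks harmless
    print(sorted(safe_handle(BENIGN_RESPONSE, "example.com")))
    print(sorted(safe_handle(TAMPERED_RESPONSE, "example.com")))
    print(build_query_url("example.com"))
```

The benign case is the instructive one: a JSON array of strings and numbers happens to be a valid Python expression, so the unsafe pattern appears to work during testing and only shows its teeth when the response is hostile. The safe handler rejects the non-JSON body outright and drops the metacharacter entry and the out-of-scope host from the tampered one.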
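For the prompt injection finding, an added example (not code from the audited skill or its payload builders) of the check an agent operator wants on the receiving side: flag and strip invisible Unicode format characters, including the U+2062 and U+2064 carriers the audit names, before text reaches a model. The allow-list of legitimate format characters, the function names and the sample strings are assumptions for this example; the bit encoding the payload builders use is not assumed, only the carrier characters.

```python
# Added example (not code from the audited skill): flag and strip invisible Unicode
# format characters of the kind the audit says tools/sneaky_bits.py emits, before
# text reaches a model. The sample strings are constructed.
import unicodedata

INVISIBLE_TIMES = "\u2062"  # U+2062, named in the audit
INVISIBLE_PLUS = "\u2064"   # U+2064, named in the audit

# Format characters (category Cf) that legitimately occur in normal text.
# This allow-list is an assumption for the example; tune it for your content.
ALLOWED_FORMAT = {
    "\u200c",  # ZERO WIDTH NON-JOINER (Persian, Indic scripts)
    "\u200d",  # ZERO WIDTH JOINER (emoji sequences, Arabic/Indic shaping)
    "\u00ad",  # SOFT HYPHEN
}


def find_invisible(text: str) -> dict[str, int]:
    """Count every format character (Unicode category Cf) not on the allow-list.

    Cf characters render as nothing in almost every viewer but still reach the
    tokenizer, which is exactly what makes them usable as a smuggling channel.
    """
    counts: dict[str, int] = {}
    for ch in text:
        if unicodedata.category(ch) == "Cf" and ch not in ALLOWED_FORMAT:
            key = f"U+{ord(ch):04X}"
            counts[key] = counts.get(key, 0) + 1
    return counts


def strip_invisible(text: str) -> str:
    """Remove the characters find_invisible() would report, leaving allowed ones intact."""
    return "".join(
        ch for ch in text
        if unicodedata.category(ch) != "Cf" or ch in ALLOWED_FORMAT
    )


def is_suspicious(text: str, max_hidden: int = 0) -> bool:
    """Gate for an agent pipeline: True when hidden characters exceed the budget."""
    return sum(find_invisible(text).values()) > max_hidden


# Constructed sample: ordinary-looking text with a run of U+2062/U+2064 hidden after
# the first sentence. Which bits such a run would carry depends on the payload
# builder; that encoding is not assumed here, only the carrier characters.
HIDDEN_RUN = (INVISIBLE_TIMES + INVISIBLE_PLUS + INVISIBLE_PLUS + INVISIBLE_TIMES) * 4
SAMPLE_PAGE = "Summarize this report for the user." + HIDDEN_RUN + " Thanks!"

# Constructed sample of legitimate text containing an emoji ZWJ sequence.
FAMILY = "Team photo: \U0001F468\u200d\U0001F469\u200d\U0001F467"

if __name__ == "__main__":
    print(find_invisible(SAMPLE_PAGE))      # {'U+2062': 8, 'U+2064': 8}
    print(is_suspicious(SAMPLE_PAGE))       # True
    print(strip_invisible(SAMPLE_PAGE))
    print(find_invisible(FAMILY))           # {}
```

Quarantine, rather than silently strip, is usually the right response when the count is non-zero: stripping hides the evidence that someone tried, and a page that needs dozens of invisible characters to read correctly is rare enough that a human should look at it.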
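For the credentials finding, an added example (not code from the audited skill) of what masking has to cover before a requested URL is written to an audit log: credentials in the authority part, query parameters identified by name, and known secret values wherever they appear in the path, query or fragment. The parameter-name list, the minimum secret length, the function names and the sample URLs are assumptions for this example.

```python
# Added example (not code from the audited skill): redact secrets from a URL before it is
# written to an audit log, covering the three places a token usually lands: the userinfo
# part of the authority, query parameters, and path or fragment segments. The parameter
# name list, the minimum secret length and the sample inputs are assumptions.
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MASK = "REDACTED"

# Query parameter names whose values are masked regardless of content (lower-cased match).
SENSITIVE_PARAMS = {
    "token", "access_token", "refresh_token", "id_token", "api_key", "apikey", "key",
    "auth", "authorization", "password", "passwd", "secret", "sig", "signature",
    "session", "sessionid", "code",
}

# Known secret values shorter than this are not pattern-replaced, because substituting
# a short string anywhere it occurs would mangle ordinary URLs.
MIN_SECRET_LEN = 8


def _scrub(text: str, secrets) -> str:
    """Replace every occurrence of each known secret value with the mask."""
    for secret in secrets:
        if len(secret) >= MIN_SECRET_LEN and secret in text:
            text = text.replace(secret, MASK)
    return text


def redact_url(url: str, known_secrets=()) -> str:
    """Return a copy of url that is safe to log."""
    parts = urlsplit(url)

    # 1. Credentials embedded in the authority: https://user:pass@host
    netloc = parts.netloc
    if "@" in netloc:
        netloc = MASK + "@" + netloc.rsplit("@", 1)[1]

    # 2. Query parameters: mask by name, then scrub known values from the rest.
    query = [
        (name, MASK if name.lower() in SENSITIVE_PARAMS else _scrub(value, known_secrets))
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    ]

    # 3. Path and fragment: only known values can be recognised here.
    path = _scrub(parts.path, known_secrets)
    fragment = _scrub(parts.fragment, known_secrets)

    return urlunsplit((parts.scheme, netloc, path, urlencode(query), fragment))


def audit_line(method: str, url: str, status: int, known_secrets=()) -> str:
    """Format the record an audit log should receive: the redacted URL, never the raw one."""
    return f"{method} {redact_url(url, known_secrets)} -> {status}"


if __name__ == "__main__":
    # Constructed values standing in for what a credential store would load from .env.
    secrets = ["sk_live_abcdef123456", "hunter2"]
    print(audit_line("GET", "https://api.example.com/v1/items?user=alice&api_key=sk_live_abcdef123456&page=2", 200, secrets))
    print(audit_line("GET", "https://svc:hunter2@files.example.com/dl/sk_live_abcdef123456/report.pdf#x", 200, secrets))
    print(audit_line("GET", "https://cdn.example.com/asset.js?v=3", 200, secrets))
```

The second sample shows why the name-based rule alone is not enough: the token sits in a path segment, where no parameter name identifies it, and is caught only because the value is known. It also shows the other limit: `hunter2` is too short to pattern-replace safely and is masked only because it sits in the userinfo position.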
Recommendations
  • HIGH: Downloads and executes remote code from: https://crt.sh/?q=%25.$TARGET&output=json, https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh - DO NOT USE without thorough review
  • CRITICAL: 3 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 6, 2026, 11:37 AM