Skills
skills/sickn33/antigravity-awesome-skills/file-path-traversal/Gen Agent Trust Hub

file-path-traversal

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous command-line examples using tools such as curl, ffuf, and wfuzz. These commands are designed to automate the testing of web application parameters for directory traversal vulnerabilities.
  • [REMOTE_CODE_EXECUTION]: Phase 8 and Phase 9 of the skill describe methods for achieving Remote Code Execution (RCE) on a target server. This includes techniques like log poisoning (injecting PHP code into access logs) and using PHP wrappers such as php://input, data://, and expect:// to execute system commands.
  • [DATA_EXFILTRATION]: The skill explicitly targets sensitive system and application files. It provides payloads for reading Linux user accounts (/etc/passwd), password hashes (/etc/shadow), private SSH keys (id_rsa), and database credentials in configuration files like wp-config.php and web.config on Windows.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 02:24 PM