CTF Web Solver
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): Multiple files, including `docs/TOOLS.md` and `modules/blockchain.md`, contain the command `curl -L https://foundry.paradigm.xyz | bash`. This pattern of piping remote content directly into a shell from an untrusted, non-whitelisted source is a primary vector for remote code execution.
- EXTERNAL_DOWNLOADS (HIGH): The skill provides numerous instructions to download and execute third-party scripts, binaries, and packages from non-whitelisted domains. Examples include `wget` for `ysoserial-all.jar` and `git clone` for repositories like `XSStrike`, `tplmap`, and `Gopherus`. Per the trust-scope-rule, since these organizations and URLs are not on the trusted list, they represent a high-risk dependency chain.
- COMMAND_EXECUTION (MEDIUM): Throughout the modules (e.g., `modules/rce.md`), there are extensive lists of shell commands, reverse shell payloads, and bypass techniques. While documented for use against CTF targets, these instructions could be accidentally executed by an agent in its host environment if misinterpreted.
- UNVERIFIABLE DEPENDENCIES (MEDIUM): The skill relies on several package managers (`pip`, `npm`, `go install`) to fetch dependencies from public registries without specifying versions or integrity hashes, increasing the risk of supply chain attacks.
Recommendations
- AI detected serious security threats
Audit Metadata