wooyun-legacy
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests the 'Bash' tool, which allows the agent to execute shell commands. This is a high-privilege capability intended for vulnerability research and testing on target systems. \n- [EXTERNAL_DOWNLOADS]: The documentation discusses using 'curl' and 'wget' as part of testing methodologies to interact with remote servers and Out-of-Band (OOB) logging services (e.g., ceye.io). \n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface. \n
- Ingestion points: The agent interacts with external web targets and reads data from files via 'Read', 'Grep', and 'Bash'. \n
- Boundary markers: No explicit delimiters are used to wrap or isolate data ingested from external systems. \n
- Capability inventory: The agent is granted 'Bash' shell access and filesystem access through 'Read', 'Grep', and 'Glob' tools. \n
- Sanitization: The instructions do not define sanitization or escaping protocols for content retrieved from targets before it is processed.
Audit Metadata