Skills
skills/trailofbits/skills/aflpp/Gen Agent Trust Hub

aflpp

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a script to create a wrapper that runs Docker containers with the '--privileged' flag and mounts the local directory into the container, granting the container extensive access to the host system.
  • [COMMAND_EXECUTION]: Instructions suggest disabling OS-level security features by adding 'mitigations=off' to the kernel boot parameters and performing a system reboot, which significantly reduces the host's protection against side-channel attacks.
  • [COMMAND_EXECUTION]: The provided wrapper script passes all user-supplied arguments directly to a shell ('bash -c "$*"'), which could be exploited for command injection if used to process untrusted input.
  • [EXTERNAL_DOWNLOADS]: Fetches a utility header file ('argv-fuzz-inl.h') from the official AFL++ GitHub repository to enable specific fuzzing features.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 28, 2026, 07:52 AM