cve-poc-generator

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It instructs the agent to perform research on technical blog posts, Exploit-DB, and GitHub user profiles for exploit details. These untrusted external sources could contain malicious commands intended to manipulate the agent's output.
  • Ingestion points: Technical details are ingested from external URLs such as exploit-db.com, github.com (user repos), and various technical blog posts as described in reference/poc-methodology.md.
  • Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between informational content and embedded instructions in the research data.
  • Capability inventory: The skill is designed to write an executable Python script (poc.py) for the user to run.
  • Sanitization: No sanitization or validation logic is specified for the data retrieved from external sources before it is used in code generation.
  • [DATA_EXFILTRATION]: The PoC methodology describes using external callbacks (e.g., webhook.site) for SSRF detection. While a standard testing technique, if the URL is influenced by a malicious external research source, it could be used as a vector for unauthorized data exfiltration.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 07:45 AM