Skills
skills/transilienceai/communitytools/tls-certificate-analysis/Gen Agent Trust Hub

tls-certificate-analysis

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell-based operations in extract_certificate_metadata, extract_sans, and check_protocol_support using the {domain} variable. The variable is interpolated directly into bash commands like openssl s_client -connect {domain}:443. This pattern is highly susceptible to command injection if the input contains shell metacharacters.
  • [PROMPT_INJECTION]: By accepting unsanitized input for use in shell commands, the skill allows an attacker to bypass intended logic and execute arbitrary system commands via a specially crafted domain string.
  • [COMMAND_EXECUTION]: The skill configuration defines execution hooks (pre_network_skill_hook.sh and post_skill_logging_hook.sh) using relative paths that reach outside the skill's directory structure. This configuration triggers the execution of shell scripts during the tool's lifecycle.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 11:36 PM