transferring-files

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains several high-risk patterns for executing code directly from remote servers. This includes piping remote scripts to shells (curl | bash), using PowerShell's Invoke-Expression (IEX) to run remote strings, and utilizing built-in Windows utilities like mshta and regsvr32 to execute remote payloads.
  • [DATA_EXFILTRATION]: Explicit instructions are provided for exfiltrating sensitive data, including system files like /etc/passwd. Methods described include using HTTP POST requests, DNS tunneling, and ICMP (ping) packets to move data out of a network.
  • [COMMAND_EXECUTION]: The skill provides commands to execute system-level operations via database services, such as using xp_cmdshell in MSSQL and COPY ... TO PROGRAM in PostgreSQL, which can be used to run arbitrary downloads or tools.
  • [EXTERNAL_DOWNLOADS]: Multiple examples demonstrate downloading executable files and scripts from external IP addresses (e.g., 10.10.10.10) using tools like certutil, bitsadmin, wget, and curl.
  • [CREDENTIALS_UNSAFE]: The skill includes examples with hardcoded placeholder credentials (e.g., user:password) and demonstrates automated FTP scripts containing plaintext credentials.
Recommendations
  • HIGH: Downloads and executes remote code from: http://10.10.10.10:8000/file, http://10.10.10.10/script.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 21, 2026, 01:18 AM