deserialization-insecure
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: CRITICAL
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The playbook includes several hardcoded default AES keys for Apache Shiro (e.g., 'kPH+bIxk5D2deZiIxcaaaA==', 'wGJlpLanyXlVB1LUUWolBg==') which are frequently used in automated attacks to forge authentication cookies.
- [COMMAND_EXECUTION]: Numerous shell command examples are provided for various exploitation tools like ysoserial and PHPGGC, including commands that use 'curl', 'id', and 'whoami' for verification of remote code execution.
- [DATA_EXFILTRATION]: The skill encourages the use of out-of-band (OOB) DNS services such as 'dnslog.cn' and 'burpcollaborator.net' to confirm vulnerabilities, which inherently involves sending session-specific data to external infrastructure. One specific domain mentioned (xxx.dnslog.cn) is flagged as malicious by external reputation services.
- [REMOTE_CODE_EXECUTION]: Provides functional code snippets for exploiting deserialization sinks in Python (pickle.loads), Node.js (node-serialize IIFE patterns), and Ruby (YAML/Marshal), designed to achieve arbitrary code execution on target systems.
- [PROMPT_INJECTION]: The 'AI LOAD INSTRUCTION' directive sets a persona for the agent ('Expert Attack Playbook') to provide advanced exploitation techniques, which could be used to circumvent general safety guidelines regarding the generation of offensive security content.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata