expression-language-injection
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides numerous ready-to-use payloads for executing arbitrary code via Java Expression Languages, including Spring Expression Language (SpEL), Object-Graph Navigation Language (OGNL), and Java EL (JSP/JSF).
  - Payloads leverage `java.lang.Runtime.getRuntime().exec()` and `java.lang.ProcessBuilder` for direct command execution.
  - Includes reflection-based techniques to bypass security sandboxes (e.g., bypassing `SimpleEvaluationContext` in Spring).
- [COMMAND_EXECUTION]: Provides explicit shell command examples (`curl`) to interact with vulnerable endpoints and trigger RCE, specifically targeting the Spring Cloud Gateway actuator (CVE-2022-22947) and various Struts2 vectors.
- [DATA_EXFILTRATION]: Includes methodologies for capturing command output from the target system and exfiltrating it via HTTP response headers using `StreamUtils` and `IOUtils` to convert process input streams to strings.
- [PROMPT_INJECTION]: Contains a dedicated `AI LOAD INSTRUCTION` block designed to override the agent's default behavior by adopting an "Expert Attack Playbook" persona. This shapes the agent's output towards facilitating offensive security operations.
Recommendations
- AI detected serious security threats