path-traversal-lfi
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes an 'AI LOAD INSTRUCTION' block that directs the AI to adopt an expert attacker persona and bypass standard model limitations regarding the generation of offensive security content.
- [DATA_EXFILTRATION]: The playbook identifies and targets sensitive system information for extraction, including /etc/shadow, SSH private keys, and cloud provider credentials like AWS keys.
- [REMOTE_CODE_EXECUTION]: It contains detailed methodologies for achieving remote code execution on target systems through log poisoning, PHP session file manipulation, and various PHP wrappers such as data:// and expect://.
- [COMMAND_EXECUTION]: The skill provides specific shell command examples for exploitation, such as injecting PHP payloads through SSH login attempts and utilizing external security tools like filter chain generators.
Audit Metadata