steganography-techniques
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs downloading executable files and packages from unverified external sources. Specifically, it fetches a Debian package from a third-party GitHub repository (RickdeJager/stegseek) and a Java application (Stegsolve.jar) from an unencrypted HTTP domain (caesum.com).
- [REMOTE_CODE_EXECUTION]: Instructions include the direct execution of downloaded third-party code. Examples include running a downloaded JAR file with `java -jar` and installing a downloaded .deb file using `sudo dpkg -i`.
- [COMMAND_EXECUTION]: The skill makes extensive use of system-level commands with elevated privileges (`sudo`). While `sudo apt install` for official repositories is standard, the use of `sudo dpkg -i` on unverified external downloads significantly increases security risk. Additionally, it runs `go install` from a third-party repository and executes `stegoveritas_install_deps`, which may perform further unverified system modifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted media files (images, audio, text) containing potentially attacker-controlled metadata or content.
  - Ingestion points: Untrusted media files (images, audio, and text) enter the agent's context through tools like `exiftool`, `binwalk`, and `zsteg` (SKILL.md).
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within the data extracted from these files.
  - Capability inventory: The skill uses powerful tools capable of file-system writes, file carving, and subprocess execution across all forensic scripts.
  - Sanitization: There is no evidence of sanitization or validation of the data extracted from these files before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata