xslt-injection
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Documents techniques for reading local system files, such as /etc/passwd and win.ini, to test for XML External Entity (XXE) and document() function vulnerabilities in XSLT processors.
- [EXTERNAL_DOWNLOADS]: Includes payloads for demonstrating Server-Side Request Forgery (SSRF) and Out-of-Band (OOB) requests using the document() function to fetch remote resources.
- [COMMAND_EXECUTION]: Provides implementation examples for achieving Remote Code Execution (RCE) by leveraging platform-specific extensions in Java (Xalan/Saxon), PHP, and .NET (msxsl:script).
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent processes untrusted output reflected from target applications during vulnerability verification.
  - Ingestion points: Target application responses reflected in the agent's context during probing.
  - Boundary markers: Absent in the example payloads.
  - Capability inventory: Documents dangerous capabilities including file-write (EXSLT), shell command execution (Extensions), and network operations (document()).
  - Sanitization: No validation or filtering of target responses is specified.
Audit Metadata