xxe-xml-external-entity
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides explicit instructions and payloads for reading sensitive file paths, including SSH private keys (
/home/USER/.ssh/id_rsa), AWS credentials (/home/USER/.aws/credentials), and system configuration files (/etc/passwd,/etc/shadow).- [DATA_EXFILTRATION]: It documents Out-Of-Band (OOB) exfiltration techniques, providing templates to send harvested file content to external domains (e.g.,http://attacker.com/).- [COMMAND_EXECUTION]: The skill includes shell command sequences (unzip,zip) for creating malicious Office documents and references the use of the PHPexpect://wrapper for remote command execution (RCE).
Audit Metadata