exploit-file-download
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes instructions to download and execute a script from a remote URL using a piped bash command:
curl -L https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash. - [DATA_EXFILTRATION]: The skill is designed to locate and read sensitive files, including
/etc/shadow, root SSH keys (id_rsa), and environment configuration files (.env) containing secrets. - [COMMAND_EXECUTION]: The skill utilizes several CLI tools (
curl,wget,ffuf,go) to interact with target systems and execute local scripts that communicate with external servers. - [EXTERNAL_DOWNLOADS]: The skill installs third-party software from untrusted external sources, such as
feroxbuster,ffuf, anddirsearch. - [PROMPT_INJECTION]: The skill provides numerous payloads specifically crafted to bypass safety filters and input validation mechanisms. It also identifies an indirect prompt injection surface where untrusted data from target web responses enters the agent context (ingestion points: HTTP response text) without boundary markers or sanitization, combined with capabilities for network access and file writing (capability inventory: requests.get in scripts/file_download_tester.py, file writing in scripts/file_download_storage.py).
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata