Skills
skills/elementalsouls/claude-bughunter/hunt-laravel/Gen Agent Trust Hub

hunt-laravel

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads an exploit script from a third-party GitHub repository (ambionics/laravel-ignition-rce) and executes it locally using the php interpreter to target CVE-2021-3129.
  • [DATA_EXFILTRATION]: The instructions specifically target the retrieval of sensitive environment files (.env), log files, and API endpoints (Telescope/Horizon) that are known to leak credentials, API keys, database connection strings, and personally identifiable information (PII).
  • [COMMAND_EXECUTION]: The skill uses a variety of shell commands including curl, php, and git to conduct vulnerability scanning, exploit delivery, and payload execution against target systems.
Recommendations
  • HIGH: Downloads and executes remote code from: https://$TARGET/telescope/api/commands, https://$TARGET/telescope/api/requests, https://$TARGET/telescope/api/redis - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 04:05 PM
Security Audit — agent-trust-hub — hunt-laravel