okta-attack
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains numerous bash script templates that utilize
curlanddigto perform automated reconnaissance and active testing against remote Okta tenants. These scripts are intended to be executed in the agent's shell environment to discover subdomains, check DNS records, and probe authentication APIs. - [EXTERNAL_DOWNLOADS]: The documentation directs users to an external third-party repository on GitHub (
github.com/silverhack/OktaTerrify) for post-compromise enumeration. While it does not automate the download, it encourages the use of external code that has not been verified for safety. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to analyze and act upon data retrieved from untrusted external sources, such as HTTP response bodies, OIDC configurations, and DNS records. There are no explicit boundary markers or sanitization steps defined for processing this external data.
- [DATA_EXFILTRATION]: The skill provides detailed instructions on how to capture, exchange, and utilize sensitive identity tokens (e.g.,
stateToken,sessionToken, andSSWSadmin tokens). If misused, these procedures facilitate the unauthorized extraction and use of privileged credentials.
Audit Metadata