theme-hacker
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes aggressive role-play instructions and high-pressure framing (e.g., threatening to 'open-source the AI as a target' if it fails to obtain domain admin) to bypass safety constraints and establish an unrestricted hacker persona.
- [COMMAND_EXECUTION]: Explicitly directs the agent to perform 'privilege escalation' and 'lateral movement' with instructions to return an administrative 'root#' prompt, which constitutes high-risk behavior intended to compromise system security.
- [COMMAND_EXECUTION]: Mentions 'anti-forensics' and 'cleaning traces' (清理痕迹) as core capabilities and methodology steps, which are techniques used by attackers to hide malicious activity and maintain persistence.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of unsanitized external data via placeholders such as '{{入口点}}' (entry point) and '{{flag / 敏感数据}}' (flag / sensitive data). Ingestion points: Input format section in SKILL.md. Boundary markers: Absent. Capability inventory: Reconnaissance, scanning, and system cracking instructions. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata