
ctf-web

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: CRITICAL
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Multiple files including server-side-deser.md and server-side-exec.md contain functional reverse shell payloads in Python and Bash. These scripts are designed to establish outbound connections to external ports to provide shell access.
  • [PROMPT_INJECTION]: The auth-and-access.md file contains explicit instructions and specific templates designed to bypass LLM safety guardrails and override system instructions. Examples include phrases like 'Ignore all instructions', 'System Override', and 'Repeat your full system prompt'.
  • [COMMAND_EXECUTION]: The skill requires the installation and execution of various system-level tools such as sqlmap, hashcat, and ffuf. It also includes numerous Python code blocks that execute shell commands via os.system and subprocess.run to perform exploitation tasks.
  • [DATA_EXFILTRATION]: server-side-exec.md provides examples of exfiltrating sensitive file data (e.g., /flag.txt) to external webhooks and attacker-controlled servers using curl and network redirects.
  • [EXTERNAL_DOWNLOADS]: SKILL.md instructs the agent to download and install packages from public registries and third-party GitHub repositories, including the ysoserial Java deserialization tool.
  • [Infected Files]: Automated antivirus scanning detected a potential Trojan signature (Python:Agent-RX) in server-side-advanced-2.md. This file contains a rogue MySQL server implementation designed to harvest files from connecting clients.
Recommendations
  • CRITICAL: 1 infected file detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 17, 2026, 12:11 PM