containing-active-breach
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run to execute security-sensitive operations, including firewall modifications (iptables) and Active Directory management (PowerShell).
- [COMMAND_EXECUTION]: In scripts/agent.py, functions such as disable_ad_account and reset_ad_password use f-strings to construct PowerShell commands. This approach is vulnerable to command injection if input parameters such as usernames or domain controllers contain malicious characters.
- [COMMAND_EXECUTION]: The sinkhole_domain function in scripts/agent.py appends unvalidated domain strings directly to the system /etc/hosts file, which could allow an attacker to manipulate local DNS resolution.
- [DATA_EXFILTRATION]: The skill implements a collect_volatile_evidence function that gathers sensitive system state information (e.g., process lists, network connections, and open files). While intended for forensics, this capability exposes high-value system metadata.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of incident-related data.
  - Ingestion points: Input parameters are passed from the agent to scripts/agent.py via command-line arguments.
  - Boundary markers: The skill does not implement delimiters or warnings to ignore instructions embedded in the processed data.
  - Capability inventory: The skill possesses the ability to execute shell and PowerShell commands and perform file-write operations.
  - Sanitization: There is no evidence of validation or sanitization for parameters used in command construction or file writes.
Audit Metadata