skills/mukul975/anthropic-cybersecurity-skills/exploiting-template-injection-vulnerabilities/Gen Agent Trust Hub
exploiting-template-injection-vulnerabilities
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides numerous pre-crafted payloads specifically designed to achieve remote code execution across multiple template engines, including Jinja2, Twig, Freemarker, and Velocity.
- [COMMAND_EXECUTION]: The included 'scripts/agent.py' script automates the delivery of these exploitation payloads to remote targets and provides methods to verify execution via commands like 'id' and 'whoami'.
- [DATA_EXFILTRATION]: The skill contains payloads and instructions for exfiltrating sensitive server-side information, including the content of '/etc/passwd' and application configuration items like 'SECRET_KEY'.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to download and run external security tools from unverified GitHub repositories ('github.com/epinna/tplmap.git') and install packages from public registries.
- [COMMAND_EXECUTION]: The 'scripts/agent.py' script utilizes the 'requests' library with 'verify=False', which explicitly disables SSL/TLS certificate verification, potentially exposing the agent to man-in-the-middle attacks during exploitation tasks.
Recommendations
- AI detected serious security threats
Audit Metadata