semantic-aware-advanced-persistent-threat
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DYNAMIC_EXECUTION]: The provided Python code examples use
torch.load()to restore model states. By default, this function utilizes thepicklemodule, which is known to be vulnerable to arbitrary code execution during deserialization if the input file is malicious or has been tampered with. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest and process untrusted system logs (e.g., syslog, auditd, CDM records) from external environments. It provides templates to interpolate these logs into natural language sentences for model processing.
- Ingestion points: System logs and DARPA TC dataset traces (SKILL.md).
- Boundary markers: None identified in the provided templates.
- Capability inventory: Data parsing, natural language templating, and PyTorch model training/inference.
- Sanitization: No sanitization or validation of the input log fields is documented before they are converted to text and embedded.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to parse system logs that include sensitive file paths such as
/etc/shadow,/etc/passwd, and SSH keys. While intended for detection purposes, this requires the agent to handle and extract data from high-privilege system areas. - [METADATA_POISONING]: The skill references a research paper titled 'Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs' attributed to 'Khan Mohammed et al., 2026' with a link to arXiv. The date (2026) indicates this is a hallucinated or deceptive reference, as it is future-dated relative to the current timeframe.
Audit Metadata