system
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: CRITICAL
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The file reference/system-exploitation.md contains a script designed to overwrite the /usr/bin/bash binary with a trojan wrapper. This script uses os.O_TRUNC and os.write to replace the system shell with a payload that creates a persistent SUID root shell. This behavior is flagged by security scanners as a trojan (Agent-RX). The skill also documents numerous other commands for system modification and binary replacement.
- [REMOTE_CODE_EXECUTION]: The skill provides numerous instructions for downloading and executing code from external sources. Examples include fetching the Jenkins CLI jar (jenkins-cli.jar) and Alpine Linux images from attacker-controlled servers. It also details methods for achieving RCE through MSBuild project files, PHP filter chains, and service vulnerabilities.
- [DATA_EXFILTRATION]: The skill documents workflows for exfiltrating highly sensitive information, such as the Windows Active Directory database (NTDS.dit), registry hives (SAM, SYSTEM, SECURITY), and full user profiles including SSH keys and browser data.
- [CREDENTIALS_UNSAFE]: Comprehensive methodologies are provided for extracting cleartext credentials and hashes from system components, including LAPS passwords, Winlogon auto-admin secrets, and Chromium-based browser credential stores using DPAPI decryption.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download and run third-party security tools like LinPEAS, WinPEAS, and linux-exploit-suggester.sh from external locations to identify privilege escalation paths.
- [INDIRECT_PROMPT_INJECTION]: The skill creates a vulnerability surface by processing untrusted system and network enumeration data (ingestion points in system-exploitation.md: LDAP results, system logs, file contents) to drive highly capable exploitation tools (capability inventory in system-exploitation.md: subprocess execution, system binary modification, credential extraction). It lacks explicit boundary markers or sanitization steps for the processed data, which could allow maliciously crafted system information to influence agent behavior (Severity: LOW).
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
Audit Metadata