Skills
skills/wgpsec/aboutsecurity/ctf-flag-hunting/Gen Agent Trust Hub

ctf-flag-hunting

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a wide range of shell commands (e.g., find, grep, cat, ps, netstat) and database queries designed to be executed on a target host to explore its environment and retrieve specific information.
  • [DATA_EXFILTRATION]: The instructions involve accessing sensitive system files such as /etc/passwd, .env, and /proc/self/environ, as well as application configuration files like config.php and config.py. While these are used here as markers for 'flags' or to verify access (LFI/RCE), they represent access to sensitive data structures and credentials in a standard environment.
  • [REMOTE_CODE_EXECUTION]: The skill guides the agent on how to leverage existing execution vulnerabilities (like SQL injection or RCE) to perform further system exploration, including using the SQL LOAD_FILE function to read local files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 08:15 AM