ctf-web-recon
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to fetch and analyze untrusted external content (including HTML comments, JavaScript files, and HTTP response headers) from CTF targets, creating a surface for indirect prompt injection. 1. Ingestion points: Data entering via http_request when analyzing target websites (SKILL.md). 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified. 3. Capability inventory: Use of http_request and potentially other shell-based tools for analysis. 4. Sanitization: No sanitization or validation of the fetched external content is described.
- [DATA_EXFILTRATION]: The reconnaissance workflow instructs the agent to attempt to locate and read sensitive configuration and backup files such as .env, .git metadata, and website archives (e.g., www.zip) on target systems.
- [COMMAND_EXECUTION]: The instructions recommend the use of specialized security tools such as githacker to perform brute-force recovery of discovered Git repositories.
Audit Metadata