gradio-exploit

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes numerous shell commands (using curl) specifically designed to exploit LFI and SSRF vulnerabilities on target Gradio servers.
  • [DATA_EXFILTRATION]: Instructions and payloads are provided to exfiltrate highly sensitive data, including system configuration files (/etc/passwd, /etc/shadow), user SSH private keys, and environment variables, which typically contain API keys and other secrets.
  • [REMOTE_CODE_EXECUTION]: Multiple Python exploitation scripts are provided within the documentation, intended for the agent to execute in order to perform network-based attacks and data harvesting from targets.
  • [CREDENTIALS_UNSAFE]: The exploit code and documentation specifically target credential stores, including the .ssh directory and cloud provider metadata endpoints (AWS, GCP, Azure) to steal IAM credentials and tokens.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 10:08 AM