ofbiz-exploit
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: CRITICAL
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's Python code in references/auth-bypass-and-xmlrpc.md and references/groovy-rce-exploits.md uses subprocess.run(shell=True) to execute system commands. These commands are often constructed from user-provided input, posing a significant risk of local command injection.
- [EXTERNAL_DOWNLOADS]: Instructions in references/auth-bypass-and-xmlrpc.md direct users to download ysoserial-all.jar from a non-trusted GitHub repository (github.com/frohoff) and execute it locally via Java, bypassing safe dependency management.
- [REMOTE_CODE_EXECUTION]: The skill provides scripts to perform remote code execution on targets, including reverse shell payloads and Groovy expression injection. While intended for exploitation of targets, the underlying local execution logic is highly dangerous for the environment running the agent.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It fetches content from external URLs and extracts data using regex (e.g., extract_result in references/groovy-rce-exploits.md) without validation.
  1. Ingestion points: resp.text from requests calls in multiple scripts.
  2. Boundary markers: absent.
  3. Capability inventory: subprocess.run, requests.post.
  4. Sanitization: The skill does not validate or sanitize extracted data before it is presented to the agent or used in further operations.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
Audit Metadata