Skills
skills/wgpsec/aboutsecurity/oss-bucket-exploit/Gen Agent Trust Hub

oss-bucket-exploit

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the coscli binary utility from Tencent Cloud's official distribution domain (cosbrowser.cloud.tencent.com) and recommends installing third-party tools like lazys3 and pacu from GitHub.
  • [COMMAND_EXECUTION]: Utilizes a variety of shell commands including curl, aws, coscli, and dig to perform asset identification, listing bucket contents, and modifying cloud access control policies.
  • [REMOTE_CODE_EXECUTION]: Provides instructions to download an external binary from the internet, apply execution permissions via chmod +x, and run it to perform cloud storage operations.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources (cloud bucket metadata and object listings) which can be processed by the agent.
  • Ingestion points: Relative file contents and object listings retrieved via curl, aws s3 ls, and coscli ls commands.
  • Boundary markers: None identified; the skill does not implement delimiters to separate external data from the agent's instructions.
  • Capability inventory: Includes broad shell command execution, filesystem read/write access, and network operation capabilities.
  • Sanitization: No validation or sanitization logic is present to filter or escape content retrieved from external buckets.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 10:08 AM