ot-ics-attack

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of multiple industrial protocol libraries and the cloning of the Industrial Exploitation Framework (ISF) from an untrusted third-party GitHub repository (dark-lbp/isf).
  • [REMOTE_CODE_EXECUTION]: Instructions include downloading and running the ISF framework locally, which involves executing code from an external source without integrity verification.
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands for network reconnaissance using Nmap, Shodan, and protocol-specific tools like mbtget.
  • [DATA_EXFILTRATION]: Includes code to upload and save PLC program blocks and firmware, which can lead to the exfiltration of sensitive industrial logic and proprietary configuration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from OT devices (e.g., Modbus registers, S7 data blocks) without sanitization or boundary markers, creating a risk that compromised hardware could influence agent behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 10:08 AM