privesc-check
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill serves as an instructional guide for security professionals to perform privilege escalation audits. The techniques described (e.g., checking SUID bits, sudo permissions, and SeImpersonatePrivilege) are standard security assessment practices.
- [COMMAND_EXECUTION]: The skill lists numerous shell and PowerShell commands (e.g.,
sudo -l,find / -perm -4000,whoami /priv,sc qc) intended to be executed on a target system to verify security configurations. These are consistent with the 'postexploit' category identified in the metadata. - [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection where the output of system commands (like
whoami /allorsudo -l) is ingested by the agent to provide suggestions. - Ingestion points: System command output processed in
SKILL.mdvia theprivesc_suggestworkflow. - Boundary markers: Absent; there are no specified delimiters or instructions to ignore instructions embedded within the command output.
- Capability inventory: The skill encourages the use of system-level commands and suggests using specialized tools for exploitation (e.g., 'Potato' series).
- Sanitization: Absent; the skill does not define methods to escape or validate the contents of the ingested system output before processing.
Audit Metadata