race-condition-exploit
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides various scripts (Bash, Python) that demonstrate exploitation techniques. For example,
references/multi-step-race.mdcontains a shell script for Symlink Race testing, andreferences/race-scripts.mdusescurlin a loop for concurrent requests. These are provided as educational templates for security testing. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes and displays output from external servers (HTTP responses) in various scripts (e.g.,
handleResponseinSKILL.mdand Python scripts inreferences/). - Ingestion points: External target response bodies and headers processed in
SKILL.md,references/multi-step-race.md, andreferences/turbo-intruder-scripts.md. - Boundary markers: Absent; data from remote responses is handled directly without delimiters.
- Capability inventory: Capability to perform network operations (
requests,aiohttp,h2) and execute local shell commands. - Sanitization: Absent; external response data is used as-is for logging or table display.
- [EXTERNAL_DOWNLOADS]: The instructions reference standard and well-known libraries such as
h2,aiohttp, andrequestsfor implementing network attacks, as well as the Turbo Intruder extension for Burp Suite. No unauthorized or suspicious remote code downloads are present. - [SAFE]: The skill is a technical guide for security researchers. It does not contain malicious code targeting the host environment, hardcoded credentials, or data exfiltration logic. The methodologies described are standard industry practices for vulnerability research.
Audit Metadata