ssti-methodology

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides comprehensive exploitation chains to achieve arbitrary code execution in various template engines, including Jinja2, Twig, Mako, FreeMarker, and Pug.
  • [COMMAND_EXECUTION]: Instructions guide the agent to execute system commands such as id, env, find, and cat via templates on target servers.
  • [DATA_EXFILTRATION]: Payloads are included to specifically extract sensitive system files like /etc/passwd and /flag.txt, as well as application configuration secrets like SECRET_KEY and database connection strings.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
    • Ingestion points: Target server responses are processed via analyze_response to locate injection points.
    • Boundary markers: None are defined to isolate untrusted server output from the agent's context.
    • Capability inventory: The agent uses http_request and python3 to interact with and exploit targets.
    • Sanitization: No validation or sanitization of target server output is performed before the agent uses it to determine subsequent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:08 AM