tool-delivery
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides explicit instructions for downloading binaries from external, attacker-controlled servers and executing them immediately using commands like 'wget' or 'curl' followed by 'chmod +x'.
- [REMOTE_CODE_EXECUTION]: The skill includes methods for fetching and executing PowerShell scripts directly in memory using 'IEX', which is a common technique for evading security software.
- [COMMAND_EXECUTION]: Documents several 'Living-off-the-Land' techniques for file retrieval and execution on Windows, including 'certutil', 'bitsadmin', and 'PowerShell' commands.
- [EXTERNAL_DOWNLOADS]: Lists multiple ways to fetch tools from non-whitelisted remote endpoints, such as using Python's urllib, Netcat, or Bash's internal /dev/tcp device.
- [PROMPT_INJECTION]: Contains instructions on how to bypass security filters and antivirus (AV) detection mechanisms, specifically detailing how to rename tools, use memory-only execution, and modify file timestamps to evade monitoring.
Recommendations
- HIGH: Downloads and executes remote code from: http://ATTACKER:8888/fscan - DO NOT USE without thorough review
- AI detected serious security threats