waf-bypass-methodology

Fail

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/parameter-bypass.md contains a functional PHP web shell (<?php system($_GET['cmd']); ?>) used for executing arbitrary commands on a server. This file was explicitly flagged by an automated antivirus scan as malware.
  • [COMMAND_EXECUTION]: The skill provides command templates using curl to fingerprint and bypass security controls on remote targets. These patterns enable the agent to perform network-based scanning and exploitation.
  • [DATA_EXFILTRATION]: The skill describes techniques like HTTP Request Smuggling and specific Content-Type manipulations that facilitate sending arbitrary data to remote servers, potentially bypassing outbound traffic monitoring.
  • [PROMPT_INJECTION]: The shell command templates interpolate a user-defined TARGET variable without any input validation or sanitization, creating a surface where a malicious actor could inject secondary shell commands or modify the intended network operation.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 29, 2026, 01:55 PM