webshell-deploy
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides fully functional webshell payloads for multiple platforms (JSP, PHP, ASPX) and Java memory-resident shells (Filter, Servlet, Listener) designed for arbitrary command execution on remote servers.
- [COMMAND_EXECUTION]: Instructions guide the user or agent to create local exploit files and use
curlto perform offensive actions, such as HTTP PUT exploitation and multi-part form upload attacks. - [DATA_EXFILTRATION]: Specifically demonstrates how to read highly sensitive system files like
/etc/shadowand/etc/passwdand provides a reverse shell payload to establish an outbound command-and-control connection. - [REMOTE_CODE_EXECUTION]: Details exploitation methods for known vulnerabilities like Tomcat CVE-2017-12615, including bypass techniques using trailing slashes, encoded spaces, and NTFS data streams to upload executable files.
- [PROMPT_INJECTION]: Outlines a methodology for log injection via the User-Agent header to achieve remote code execution through Local File Inclusion (LFI) vulnerabilities.
- [REMOTE_CODE_EXECUTION]: Provides multiple obfuscated PHP payloads (using XOR encryption, Base64 encoding, and callback functions) specifically intended to evade detection by Web Application Firewalls (WAFs) and Antivirus (AV) software.
Recommendations
- AI detected serious security threats
Audit Metadata