Skills
skills/wgpsec/aboutsecurity/zombie-brute/Gen Agent Trust Hub

zombie-brute

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous pre-formatted shell commands that invoke the zombie binary to perform automated, high-speed brute-force attacks against SSH, RDP, MySQL, and other network services.
  • [REMOTE_CODE_EXECUTION]: The skill references and encourages the use of an external binary tool (zombie) from a third-party GitHub repository (github.com/chainreactors/zombie) that is not part of the platform's trusted vendor list.
  • [DATA_EXFILTRATION]: The tool's primary purpose is the discovery and recovery of valid credentials from remote systems, which are then exposed to the agent and the console output.
  • [PROMPT_INJECTION]: The skill provides a decision tree and instructions that guide the agent to perform offensive security actions, which could be used to bypass intended usage restrictions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:08 AM