ssti-server-side-template-injection
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: CRITICAL
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous functional shell command execution payloads across various languages and engines, including subprocess spawning and system calls.
- [DATA_EXFILTRATION]: Instructions guide the agent to perform data harvesting of sensitive files like AWS credentials and environment variables. The skill also exhibits an indirect prompt injection surface. Ingestion points: User-controlled search and query parameters in SCENARIOS.md. Boundary markers: None. Capability inventory: File system read and shell command execution. Sanitization: None.
- [REMOTE_CODE_EXECUTION]: The playbook contains sophisticated RCE chains and sandbox escape techniques, such as Python MRO subclass traversal and hex-encoded attributes, designed to bypass application security.
- [CREDENTIALS_UNSAFE]: The content specifically targets the discovery and exposure of hardcoded cloud credentials and application secrets within the environment.
- [SAFE]: Automated AV scanners flagged SCENARIOS.md due to the presence of exploit payloads. In the context of a recognized security vendor, these are functional examples for testing purposes rather than active malware targeting the host.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
Audit Metadata