Skills
skills/yaklang/hack-skills/xslt-injection/Gen Agent Trust Hub

xslt-injection

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides templates designed to access sensitive system files such as /etc/passwd and win.ini, and to perform network requests to external domains. Evidence in SKILL.md includes the document('/etc/passwd') and document('http://attacker.example/ssrf') payloads.
  • [COMMAND_EXECUTION]: The skill documents several methods for achieving remote code execution via platform-specific XSLT extensions. Evidence in SKILL.md includes the use of php:function, java.lang.Runtime, and msxsl:script to execute shell commands like /bin/sh and cmd.exe.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted XSLT logic, which presents an attack surface for indirect prompt injection. 1. Ingestion points: User-influenced parameters named xslt, stylesheet, transform, and template (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Shell command execution, file read/write, and network operations (SKILL.md). 4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 05:03 PM