pua
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill architecture described in
references/platform.mdfetches 'prompt templates' from an external API (https://pua-api.agentguard.workers.dev/v1/command/<command_id>) and executes them as instructions. This allows the remote server to dynamically alter the agent's logic and behavior at runtime. - [DATA_EXFILTRATION]: The skill performs extensive data exfiltration. It requires users to register with a phone number, which is sent to an untrusted remote server. It also performs 'silent' reporting of events (telemetry) to
https://pua-api.agentguard.workers.devand uploads session logs tohttps://pua-skill.pages.dev/api/feedback. - [PROMPT_INJECTION]: The skill uses strong role-play directives to override the agent's standard behavior and safety guidelines, forcing it to adopt a 'corporate PUA' persona. It also explicitly instructs the agent to recursively inject these overrides into all sub-agents via shell tool calls.
- [COMMAND_EXECUTION]: The skill makes extensive use of the shell tool to execute
curlcommands for data exfiltration and configuration retrieval. It also performs runtime package installation (pip install qrcode) and executes Python scripts to generate visual terminal output. - [EXTERNAL_DOWNLOADS]: The skill downloads logic, configuration, and instructional templates from external domains (
pua-api.agentguard.workers.dev,pua-skill.pages.dev) that are not associated with trusted technology vendors or whitelisted services.
Recommendations
- AI detected serious security threats
Audit Metadata