📦

審計紀錄

exploitation-knowledge - 6 審計

審計版本 6

最新 高風險

Jun 28, 2026, 09:34 PM

Static findings are mostly true positives for dangerous instructional content, not for hidden executable malware. The skill provides actionable exploitation workflows, reverse shells, Metasploit usage, SQL injection shell access, file reads, credential testing, and flag capture. No evidence found of prompt injection or automatic code execution during skill loading.

1
已掃描檔案
525
分析行數
11
發現
codex
審計單位

高風險問題 (4)

Actionable Reverse Shell and Initial Access Guidance
The skill gives specific reverse shell payload patterns for bash, Python, PHP, and netcat, then instructs users to start listeners and trigger exploits. These are true positive external command findings because they enable remote command execution in target environments.
Exploit Framework and Public Exploit Execution Workflow
The skill recommends Metasploit, searchsploit, downloaded proof-of-concept exploits, and non-interactive exploit execution. These static findings are true positives because the content directs users to find, adapt, and run exploits against services.
Post-Exploitation File and Flag Collection Instructions
The skill instructs users to locate and read user.txt files, read system password files through SQL injection or shell commands, and save captured flag values. This confirms filesystem and sensitive file access findings as true positives.
Command Injection and Filter Bypass Playbook
The skill teaches command injection probes, semicolon and pipe payloads, reverse shell delivery through URL parameters, and base64-to-shell bypass methods. These findings are true positives for actionable exploitation techniques.
中風險問題 (3)
Credential Testing and Brute Force Tooling
The skill lists hydra and default credential testing across SSH, FTP, MySQL, and web panels. This is a true positive misuse risk, although the wording says limited use and could apply to authorized assessments.
Network Access to External Exploit Sources
The skill uses GitHub API searches and raw GitHub downloads to locate public exploit repositories. These hardcoded URL findings are true positives for network activity in the workflow, but they are not evidence of data exfiltration.
Static External Command Detections Are Instructional, Not Loader Execution
Many external command detections occur inside Markdown examples. They are dangerous as user guidance, but no evidence found that the skill automatically executes them when installed or loaded.
低風險問題 (1)
No Prompt Injection Evidence Found
The skill file does not contain text that claims to override system instructions, skip review, impersonate administrators, or force a new role for the evaluator.

偵測到的模式

Reverse Shell Payload PatternsMetasploit Module ExecutionSQL Injection Shell and Sensitive File ReadBase64 Decode to Shell BypassFlag Capture and State Storage

審計版本 5

安全

Jan 16, 2026, 09:52 PM

This is a pure documentation/methodology knowledge base for penetration testing education. The static scanner flagged 154 patterns found in documentation examples (tool references, command syntax, IP addresses) but failed to recognize the educational context. All findings are FALSE POSITIVES - this skill contains only written guidance about exploitation techniques, no executable code, no network operations, and no file system access. Content is consistent with authorized security research and industry-standard pentesting methodology used by security professionals on platforms like HackTheBox.

2
已掃描檔案
701
分析行數
3
發現
claude
審計單位
未發現安全問題

風險因素

🌐 網路存取 (24)
⚙️ 外部命令 (76)
📁 檔案系統存取 (11)

審計版本 4

安全

Jan 16, 2026, 09:52 PM

This is a pure documentation/methodology knowledge base for penetration testing education. The static scanner flagged 154 patterns found in documentation examples (tool references, command syntax, IP addresses) but failed to recognize the educational context. All findings are FALSE POSITIVES - this skill contains only written guidance about exploitation techniques, no executable code, no network operations, and no file system access. Content is consistent with authorized security research and industry-standard pentesting methodology used by security professionals on platforms like HackTheBox.

2
已掃描檔案
701
分析行數
3
發現
claude
審計單位
未發現安全問題

風險因素

🌐 網路存取 (24)
⚙️ 外部命令 (76)
📁 檔案系統存取 (11)

審計版本 3

安全

Jan 10, 2026, 12:07 PM

Pure knowledge-base skill containing only documentation and methodology guidance for penetration testing. No executable code, scripts, network operations, or file system access beyond reading the skill file itself. Content is consistent with authorized security research and educational purposes.

1
已掃描檔案
525
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 2

安全

Jan 10, 2026, 12:07 PM

Pure knowledge-base skill containing only documentation and methodology guidance for penetration testing. No executable code, scripts, network operations, or file system access beyond reading the skill file itself. Content is consistent with authorized security research and educational purposes.

1
已掃描檔案
525
分析行數
0
發現
claude
審計單位
未發現安全問題

審計版本 1

安全

Jan 10, 2026, 12:07 PM

Pure knowledge-base skill containing only documentation and methodology guidance for penetration testing. No executable code, scripts, network operations, or file system access beyond reading the skill file itself. Content is consistent with authorized security research and educational purposes.

1
已掃描檔案
525
分析行數
0
發現
claude
審計單位
未發現安全問題