AWS Penetration Testing
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs extracting and then embedding credentials verbatim into commands and environment variables (e.g., export AWS_ACCESS_KEY_ID=ASIA..., enumerate-iam.py --access-key AKIA... --secret-key ..., aws_consoler -a AKIAXXXX -s SECRETKEY), which requires the LLM to handle and output secret values directly, posing an exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.85). These URLs mix sensitive AWS metadata endpoints with untrusted S3/bucket locations (which can host arbitrary binaries), a public bucket aggregator, and dual-use GitHub repos and tools, all of which can be leveraged to distribute or fetch malware and credentials if used without strict verification and authorization.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The document is an explicit offensive playbook containing step-by-step instructions for credential theft (IMDS/metadata, Secrets Manager, IAM keys), data exfiltration (S3 sync, EBS snapshot mounts), privilege escalation and backdooring (attaching admin policies, updating Lambda code with malicious payloads, pushing backdoored container images), disabling/evading logging (CloudTrail deletion, user-agent evasion), and other clear abuse techniques intended to compromise, persist in, and hide unauthorized access to AWS environments.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs fetching and downloading content from public third-party sources (e.g., cloning GitHub repos, discovering and syncing S3 buckets including references to https://buckets.grayhatwarfare.com/, and downloading Lambda function code via the "get-function" provided URL and SSRF examples like https://app.com/proxy?url=...), so the agent would ingest untrusted external/user-generated content that could change subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime installation and use of external code (e.g., "git clone https://github.com/RhinoSecurityLabs/pacu"), which fetches remote code that the operator is expected to run, and lists it as an essential required tool, so it meets the criteria for executing remote code at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit privileged local actions (e.g., using sudo to create/mount /mnt/stolen), and instructs techniques that obtain or abuse elevated privileges and persist changes, which would modify or compromise the host/agent machine state.
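The W007, E005 and W012 findings above each describe a textual pattern in the skill's instructions: a secret written literally into a command or environment variable, a metadata or bucket URL, and an unpinned runtime clone. The following is an added example, not Snyk's scanner and not part of the audited skill, of how a reviewer could check a SKILL.md for those three patterns before publishing it. The regexes, the pass condition for a commit-pinned clone, and the sample excerpt (including the example-org URL and the commit hash) are assumptions; the only value taken from this page is the pacu repository URL.

```python
"""Added example (not Snyk's scanner): static checks for the W007, E005 and
W012 patterns flagged in this audit, run over a constructed SKILL.md excerpt.
All regexes, pass conditions and the sample text are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# W007: places where a skill tells the model to write a secret literally into a
# command or environment variable. A value that starts with "$" ($VAR, ${VAR},
# $(cmd)) is expanded by the shell, so the model never sees or emits the secret.
CRED_SINK_RE = re.compile(
    r"(?P<sink>AWS_ACCESS_KEY_ID=|AWS_SECRET_ACCESS_KEY=|AWS_SESSION_TOKEN=|"
    r"--access-key[= ]|--secret-key[= ]|--session-token[= ])(?P<value>\S+)"
)
# E005: EC2 instance metadata endpoints (IPv4 and IPv6) and S3 bucket URLs in
# either the s3:// or the amazonaws.com hostname form.
IMDS_RE = re.compile(r"169\.254\.169\.254|fd00:ec2::254", re.I)
S3_URL_RE = re.compile(r"s3://\S+|https?://[\w.-]*s3[\w.-]*\.amazonaws\.com\S*", re.I)
# W012: runtime "git clone" of external code. A full 40-hex commit checkout on
# the same line makes the dependency verifiable and clears this check (assumed
# policy; a tag or branch is mutable and does not count).
GIT_CLONE_RE = re.compile(r"git\s+clone\s+(?P<url>\S+)")
COMMIT_PIN_RE = re.compile(r"checkout\s+[0-9a-f]{40}\b")


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    evidence: str


def is_indirect(value: str) -> bool:
    """True when the value is a shell expansion rather than a literal secret."""
    return value.strip("'\"").startswith("$")


def scan_skill(text: str) -> list[Finding]:
    """Return one Finding per matched pattern, in document order."""
    findings: list[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CRED_SINK_RE.finditer(line):
            if not is_indirect(m.group("value")):
                findings.append(Finding("W007", no, m.group(0)))
        for rx in (IMDS_RE, S3_URL_RE):
            m = rx.search(line)
            if m:
                findings.append(Finding("E005", no, m.group(0)))
        m = GIT_CLONE_RE.search(line)
        if m and not COMMIT_PIN_RE.search(line):
            findings.append(Finding("W012", no, m.group("url")))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Mirror the page's Pass/Fail outcome: any finding fails the skill."""
    return "Fail" if findings else "Pass"


# Constructed SKILL.md excerpt. The example-org URL and the commit hash are
# made up; the pacu URL is the one quoted in the W012 finding.
SAMPLE_SKILL = """\
## Setup
git clone https://github.com/RhinoSecurityLabs/pacu
git clone https://github.com/example-org/tool && git -C tool checkout 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d
## Credentials
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
export AWS_ACCESS_KEY_ID=ASIAEXAMPLE012345678
export AWS_SECRET_ACCESS_KEY="$SECRET_FROM_VAULT"
python3 enumerate-iam.py --access-key AKIAEXAMPLE012345678 --secret-key SECRETKEY
## Data
aws s3 sync s3://victim-bucket ./loot
"""

if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL)
    for f in results:
        print(f"{f.rule} line {f.line_no}: {f.evidence}")
    print(verdict(results))
```

Run against the excerpt, the scanner reports the unpinned pacu clone (W012), the IMDS call and the s3:// sync (E005), and three literal credential sinks (W007), while the pinned clone and the `$SECRET_FROM_VAULT` export pass. The remediation the W007 finding implies is visible in the negative case: keep secrets in variables or a credential process so the model emits only the variable name, never the value.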
Audit Metadata