Skills
skills/claudiodearaujo/izacenter/Cloud Penetration Testing/Gen Agent Trust Hub

Cloud Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill installs the Google Cloud SDK by fetching a script from a well-known service and piping it directly to bash.
  • Evidence: curl https://sdk.cloud.google.com | bash in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: Fetches the AWS CLI from official Amazon servers and installs third-party security auditing tools scoutsuite and pacu via pip.
  • Evidence: curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" and pip install scoutsuite pacu in SKILL.md.
  • [COMMAND_EXECUTION]: Provides commands to execute arbitrary PowerShell scripts on remote Azure Virtual Machines and instructions for creating backdoor service principals and access keys to establish persistence.
  • Evidence: Invoke-AzVMRunCommand and New-AzAdServicePrincipal -DisplayName "WebService" -Role Owner in SKILL.md.
  • [DATA_EXFILTRATION]: Includes techniques for extracting secrets from Azure Key Vault, AWS Lambda environment variables, and metadata services across all major cloud providers.
  • Evidence: az keyvault secret show, aws lambda get-function --function-name <name> | jq '.Configuration.Environment', and access to 169.254.169.254 in SKILL.md.
  • [CREDENTIALS_UNSAFE]: Facilitates the discovery of passwords stored in user attributes and the importation of stolen authentication tokens for environment access.
  • Evidence: PowerShell logic searching for "password" strings in Get-MsolUser results and the Import-AzContext -Profile 'C:\Temp\StolenToken.json' command in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from potentially untrusted cloud resource descriptions and metadata services.
  • Ingestion points: Cloud resource enumeration, metadata extraction, and log reading commands (SKILL.md).
  • Boundary markers: Absent; no instructions are provided to the agent to ignore instructions embedded in the ingested cloud data.
  • Capability inventory: Remote command execution on VMs, file system access, network operations, and identity management modifications.
  • Sanitization: No sanitization or validation of the ingested cloud data is performed before processing or outputting.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sdk.cloud.google.com - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 01:14 AM