AWS Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Privilege Escalation] (HIGH): The skill provides explicit instructions to escalate IAM privileges to 'AdministratorAccess' using 'iam:AttachUserPolicy' and 'iam:PutUserPolicy', which grants full control over an AWS account.
- [Data Exfiltration] (HIGH): Includes methods to extract temporary credentials from EC2/Fargate metadata endpoints (IMDSv1/v2) and provides commands to download entire S3 buckets or extract sensitive Active Directory databases (NTDS.dit) from EBS snapshots.
- [Command Execution] (HIGH): Contains instructions for arbitrary command execution on remote EC2 instances via AWS Systems Manager (SSM) and code injection into AWS Lambda functions.
- [Evasion & Persistence] (HIGH): Provides specific commands to delete or disable CloudTrail trails, which is a direct attempt to cover tracks and blind security monitoring systems.
- [External Downloads] (MEDIUM): Directs the agent to download and run multiple third-party security tools from unverified GitHub repositories (RhinoSecurityLabs, andresriancho, NetSPI) and install several Python packages without version pinning or integrity checks.
Recommendations
- AI detected serious security threats
Audit Metadata