Cloud Penetration Testing
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs embedding and extracting secrets verbatim (e.g., passing --secret_access_key, --password, exporting service principal secrets to plaintext, importing/storing stolen token files and using Get-Credential), which requires the LLM to handle secret values directly and risks exfiltration.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill content contains explicit, actionable step-by-step instructions for stealing credentials and secrets, exfiltrating data, establishing persistent backdoors (service principals, access keys, created admin users), and performing remote code execution across Azure, AWS, and GCP, and therefore poses a high malicious-use risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and ingest content from untrusted public sources—e.g., aws s3 sync s3://bucket-name, gsutil cp gs://bucket/file, gcloud source repos clone, and cloning/using public GitHub tools—so the agent would read arbitrary third-party/user-generated data as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly includes commands that run installers and file operations with sudo (e.g., "sudo ./aws/install", "sudo find /home ...", "sudo cp -r /home/user/.config/gcloud ...") and curl|bash installers that modify the host environment, so it directs the agent to perform privileged changes to the machine it runs on.
Audit Metadata