AWS Penetration Testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly lists "Extracted credentials and secrets" as deliverables and includes steps like creating access keys and extracting secrets, which would require the agent to handle and output API keys/secret access keys verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable instructions for credential theft (SSRF/IMDS, container creds, Secrets Manager), privilege escalation (create access keys, attach/put admin policies, pass-role), backdoor installation and persistence (updating Lambda/containers with malicious code, pushing backdoored images, mounting EBS snapshots and extracting DC secrets), evasion and tampering of logging (disable CloudTrail, modify user-agent to avoid detections), and lateral movement/exfiltration techniques, all of which are clear indicators of deliberate malicious/backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs fetching and interpreting open third-party content—e.g., cloning tools from GitHub (Essential Tools: git clone https://github.com/...), downloading Lambda code via the provided URL (wget -O lambda-function.zip "url-from-previous-query" in references/advanced-aws-pentesting.md), and enumerating public buckets (https://buckets.grayhatwarfare.com/ in public-bucket-search.md)—which are untrusted public sources that the agent is expected to read and that can materially change subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly directs runtime fetching and execution of external code (git clone/install steps), e.g. "git clone https://github.com/RhinoSecurityLabs/pacu" (and other repos like https://github.com/andresriancho/enumerate-iam and https://github.com/duo-labs/cloudmapper.git), which are required by the skill and would execute remote code—creating a high-risk runtime dependency.