SSH Penetration Testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill explicitly covers credential attacks, brute-forcing, and key-based authentication testing where the agent is likely to generate commands or scripts that embed plaintext passwords or private keys (e.g., sshpass, Paramiko password variables), creating a high risk of requiring secrets to be output verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content explicitly provides step-by-step offensive techniques for brute-forcing credentials, credential theft, evasion, reverse/remote shells and tunneling for pivoting, and persistence (adding keys), all of which enable unauthorized access, remote code execution, data exfiltration, and backdoor installation — indicating clear malicious/abusive intent and high abuse potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching web-accessible secrets from arbitrary public sites (e.g., "curl -s http://target.com/.ssh/id_rsa" in sub-skills/phase-5-key-based-authentication-testing.md), meaning the agent would ingest untrusted third-party web content and act on it (use keys/credentials) as part of its workflow.