competition-linux-credential-pivot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires recording and reproducing credential artifacts (SSH keys, tokens, kubeconfigs, service-account secrets) and producing a “minimal replayable chain” proving access, which inherently requires including secret values or commands embedding them verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 虽然标注为 CTF/沙箱专用，但该技能明确指导如何发现、恢复并重放 SSH 密钥、agent sockets、kubeconfigs、云/容器服务令牌和其它凭证以建立主机间横向移动与提权链，直接促成凭证盗窃、未经授权访问和系统妥协，属于高风险恶意行为模式。

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). 该技能明确指导收集、重放凭证并重现可利用的横向移动与特权提升链（包括 sudo/capability abuse、container/kernel escape），这直接引导执行会改变或提升主机状态的攻击性操作，因此存在高风险。