AWS Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (CRITICAL): The skill provides explicit instructions to disable and delete AWS CloudTrail logs (e.g., 'aws cloudtrail delete-trail'). This is a severe security violation designed to evade detection and hide malicious activity.
- [DATA_EXFILTRATION] (HIGH): Detailed workflows are provided for extracting AWS credentials from the EC2 Instance Metadata Service (IMDSv1 and IMDSv2) and Fargate environment variables. It also describes methods for syncing entire S3 buckets and stealing Active Directory database files (NTDS.dit).
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to download and install multiple tools from unverified third-party GitHub repositories (RhinoSecurityLabs/pacu, andresriancho/enumerate-iam, NetSPI/aws_consoler). These sources are not within the defined Trusted External Sources.
- [REMOTE_CODE_EXECUTION] (HIGH): Includes instructions and Python code for 'Lambda Privilege Escalation,' which involves injecting malicious code into an existing Lambda function to grant the attacker AdministratorAccess.
- [COMMAND_EXECUTION] (HIGH): Provides commands to use AWS Systems Manager (SSM) to execute arbitrary shell commands ('whoami', etc.) on remote EC2 instances.
- [REMOTE_CODE_EXECUTION] (HIGH): References and provides instructions for 'secretsdump.py', which was flagged by automated scanners as a malicious URL. This tool is frequently used to dump credentials from compromised systems.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata