Cloud Penetration Testing

Fail

Audited by Snyk on Feb 17, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs embedding and extracting secrets verbatim (e.g., passing --secret_access_key, --password, exporting service principal secrets to plaintext, importing/storing stolen token files and using Get-Credential), which requires the LLM to handle secret values directly and risks exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions for credential theft, data exfiltration, remote code execution, and establishing persistent backdoors across Azure, AWS, and GCP (e.g., dumping Key Vault secrets, creating service-principal backdoors and admin users, creating IAM access keys, invoking VM run commands, reading IMDS tokens, syncing S3 buckets), so it poses a high malicious risk if used without explicit authorized testing controls.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest content from public/untrusted sources—e.g., S3 buckets ("aws s3 sync s3://misconfigured-bucket ./loot/"), GCS buckets ("gsutil cp gs://bucket/file ./local"), and public git/source repos ("gcloud source repos clone ")—which the agent would read/interpret as part of its workflow, enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly includes commands that run installers and file operations with sudo (e.g., "sudo ./aws/install", "sudo find /home ...", "sudo cp -r /home/user/.config/gcloud ...") and curl|bash installers that modify the host environment, so it directs the agent to perform privileged changes to the machine it runs on.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 12:18 AM