AWS Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads multiple third-party tools from unverified GitHub repositories, including Pacu (RhinoSecurityLabs), enumerate-iam (andresriancho), and aws_consoler (NetSPI). It also installs packages like Prowler and ScoutSuite via pip.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill facilitates the execution of downloaded scripts such as
enumerate-iam.pyandsecretsdump.py. These scripts are executed locally after being fetched from the internet, which bypasses standard supply chain security checks. - [COMMAND_EXECUTION] (HIGH): Extensive use of high-privilege commands is documented, including
sudo mountfor accessing stolen EBS volumes and variousawsCLI commands to modify infrastructure (e.g.,aws cloudtrail delete-trail,aws lambda update-function-code). - [CREDENTIALS_UNSAFE] (HIGH): The skill provides explicit instructions for stealing credentials from EC2 metadata endpoints (IMDSv1/v2), extracting NTDS.dit from Windows Domain Controllers using
secretsdump.py, and creating new AWS access keys for target users. - [DATA_EXFILTRATION] (HIGH): Detailed workflows are provided for exfiltrating data, including synchronizing S3 buckets to local storage (
aws s3 sync) and mounting volume snapshots to extract sensitive files from compromised instances. - [ANTI-FORENSICS] (HIGH): The 'Covering Tracks' section provides instructions to delete or disable CloudTrail logs, a behavior characteristic of malicious actors attempting to evade detection and audit trails.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata