conducting-cloud-infrastructure-penetration-test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple insecure patterns that require embedding secrets verbatim in commands (e.g., az login -p 'Password123', azurehound -p 'Password123', exporting AWS_ACCESS_KEY_ID/SECRET_SESSION_TOKEN from metadata into environment and using them in subsequent CLI calls), which forces the agent to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests untrusted, user-provided cloud object and policy data (e.g., SKILL.md shows aws s3 cp --no-sign-request and gsutil ls commands, and scripts/agent.py enumerate_public_resources plus scripts/process.py check_public_s3) so the agent reads third-party content that can influence subsequent decisions and tool use.