cloud-penetration-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains many examples that extract, convert, export, or pass secrets verbatim (e.g., CLI flags like --secret_access_key, exporting tokens/files, converting service principal secrets to plaintext, and commands with / placeholders), which requires the agent to handle and embed exact secret values in outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly documents offensive techniques for credential theft, data exfiltration, privilege escalation and persistence (e.g., creating backdoor service principals, generating access keys, exporting stolen tokens, password spraying and metadata/API credential harvesting) and includes evasion tactics, indicating deliberate malicious intent and high potential for abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs fetching and ingesting untrusted, user-generated cloud content (for example "aws s3 sync s3://bucket-name ./local-dir", "aws lambda get-function" to read function env vars, and "Export-AzAutomationRunbook"/"Get-AzAutomationJobOutput" to pull runbooks) from public/target cloud sources which the agent would read and use to drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisites include runtime fetching-and-executing of remote installers (e.g., curl https://sdk.cloud.google.com | bash and curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" && sudo ./aws/install), which clearly download and execute external code as required dependencies.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs running privileged local commands that modify the host (e.g., sudo ./aws/install, curl ... | bash, sudo find /home and sudo cp of user configs) and includes guidance to bypass/cloud-auth techniques, so it clearly pushes the agent to change the machine's state.