linux-privilege-escalation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The set includes direct downloads/execution of shell scripts and exploit sources (linpeas.sh, exploit.c), explicit attacker-controlled URLs (http://ATTACKER_IP/*) and curl|sh instructions — all high-risk for delivering malware even though some GitHub/GTFOBins links are legitimate offensive-security resources.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions for unauthorized privilege escalation and system compromise—incl. reverse shells, reading and cracking /etc/shadow, compiling/using kernel exploits, creating SUID backdoor binaries, cron/ PATH hijacking for persistence, and remote code execution—so it is clearly high-risk and facilitates malicious activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and executing public, user-contributed content (e.g., curl/wget to https://github.com/carlospolop/PEASS-ng/releases/.../linpeas.sh, Linux Exploit Suggester repos, GTFOBins and exploit-db/searchsploit) as part of its required workflow, so the agent would ingest and act on untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a curl-pipe-sh at runtime to download and execute linpeas from https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh, which fetches remote code and executes it, meeting the criteria for a runtime dependency that executes external code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs step-by-step methods to enumerate and exploit a Linux host to gain root (including creating SUID binaries, modifying cron and /etc/passwd, adding users, and establishing reverse shells), which directly encourages compromising the machine's state.