ssh-penetration-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly embeds and prints credentials and SSH key material in commands and code examples (e.g., Paramiko using "password123" and printing username:password, echoing ssh-rsa keys into authorized_keys, inline passwords in hydra examples), which would require an LLM to handle and output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Highly suspicious: they point to exposed private SSH keys and an archive (id_rsa, ssh_keys.tar.gz) hosted on an untrusted domain (with localhost:8080 likely a tunneled/local service), which represents critical credential/data‑leak and compromise potential.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for credential theft (brute-force, password spraying, exposed key harvesting), backdoor and persistence techniques (adding SSH keys to authorized_keys, reverse port forwarding for callbacks), remote code execution and pivoting via tunnels/SOCKS proxies, and evasion tactics—clearly enabling intentional malicious activity if used without explicit authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 5 "Web-accessible keys (check with curl/wget)" explicitly instructs fetching arbitrary web-hosted files (e.g., curl -s http://target.com/id_rsa), so the agent would ingest untrusted third-party content and potentially act on it (use keys), enabling indirect prompt-injection influence on decisions and tooling.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because the skill includes explicit instructions that modify the host's state—e.g., appending to /etc/proxychains.conf (a system file requiring elevated rights) and adding SSH keys to authorized_keys—actions that change system configuration and can require sudo.