cloud-containers

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains explicit, actionable exploitation and post‑exploitation instructions (credential theft, data exfiltration, privilege escalation, remote code execution and host compromise) that can be directly abused for unauthorized access and persistent compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's reference (reference/cloud-security.md) and workflow explicitly instruct the agent to fetch and download untrusted public content (e.g., curl/aws s3/gsutil commands against public S3/GCS buckets, public URLs, MinIO endpoints and Lambda function code URLs) and to read/act on that content (search for credentials, use tokens/keys, invoke APIs), which could allow indirect prompt-injection from third-party data.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime installation commands that clone and run remote code (e.g., "git clone https://github.com/prowler-cloud/prowler" and "git clone https://github.com/RhinoSecurityLabs/pacu"), so those URLs fetch and execute external code that the skill relies on.