exploiting-cloud-platforms
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill features numerous CLI templates for AWS, Azure, and GCP that perform sensitive actions like retrieving secrets from AWS Secrets Manager and Azure Key Vault, or modifying IAM policies to achieve full Administrator access.
- [DATA_EXFILTRATION]: Facilitates the bulk download of cloud data through commands like `aws s3 sync` and `az storage blob download`, which can be used to exfiltrate entire storage containers to local systems.
- [EXTERNAL_DOWNLOADS]: Mentions and links to several third-party security frameworks and exploitation tools on GitHub, such as Pacu, MicroBurst, and ScoutSuite, which are required for several of the described attack vectors.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to unvalidated command interpolation. Ingestion points: CLI commands take variable inputs for bucket names, usernames, and project IDs. Boundary markers: No markers or safety instructions are present to isolate variable inputs. Capability inventory: Extensive access to administrative cloud tools (`aws`, `az`, `gcloud`) for identity and data management. Sanitization: No input validation or escaping mechanisms are provided for the command templates.
Audit Metadata