exploiting-cloud-platforms
Fail
Audited by Snyk on Mar 21, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains explicit secret-like values and instructs embedding credentials directly in commands (e.g., export AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, az login -p PASSWORD) and retrieving secrets (aws secretsmanager get-secret-value), which requires handling or outputting secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This is an explicit cloud-exploitation playbook containing step-by-step commands to discover and exfiltrate data, steal credentials (metadata-service/Secrets Manager access, create access keys), perform privilege escalation (attach policies, PassRole + Lambda, UpdateAssumeRolePolicy), and deploy backdoors/RCE (creating/invoking malicious Lambda functions), so it facilitates intentional malicious activity.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and downloading from public, user-controlled storage and URLs (e.g., curl https://bucket-name.s3.amazonaws.com/, az storage blob download, gsutil cp gs://bucket-name/file.txt) and expects the agent to read and act on that untrusted third‑party content as part of exploitation workflows, which could materially influence subsequent actions.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).