AWS Penetration Testing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the installation of security tools from several untrusted GitHub repositories (RhinoSecurityLabs, andresriancho, NetSPI) that are not part of the approved organization list.
- DATA_EXFILTRATION (HIGH): Provides explicit methods for stealing AWS credentials via the EC2 Instance Metadata Service (IMDSv1/v2) and container metadata endpoints.
- COMMAND_EXECUTION (HIGH): Includes commands to delete or disable AWS CloudTrail logs (`aws cloudtrail delete-trail`), which is a high-severity action used to hide malicious activity from security administrators.
- COMMAND_EXECUTION (HIGH): Details privilege escalation techniques such as attaching the `AdministratorAccess` policy to the current user and injecting code into Lambda functions to gain higher permissions.
- DATA_EXFILTRATION (HIGH): Contains instructions for unauthorized data access, including mounting EBS volumes from other instances and performing Shadow Copy attacks on Domain Controllers to extract sensitive credentials.
Recommendations
- AI detected serious security threats
Audit Metadata