Cloud Penetration Testing

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly shows and instructs embedding and extracting secrets verbatim (e.g., passing --secret_access_key, --password, exporting service principal secrets to plaintext, importing/storing stolen token files and using Get-Credential), which requires the LLM to handle secret values directly and risks exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions for credential theft, data exfiltration, remote code execution, and establishing persistent backdoors across Azure, AWS, and GCP (e.g., dumping Key Vault secrets, creating service-principal backdoors and admin users, creating IAM access keys, invoking VM run commands, reading IMDS tokens, syncing S3 buckets), so it poses a high malicious risk if used without explicit authorized testing controls.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs fetching and ingesting content from open public sources — for example running aws s3 sync s3://bucket-name, gsutil cp gs://bucket/file, curl against external endpoints (e.g., login.microsoftonline.com/getuserrealm.srf), and cloning/searching repos via gcloud or cloud_enum — which would cause the agent to read untrusted, third-party content that could carry indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly includes commands that run installers and file operations with sudo (e.g., "sudo ./aws/install", "sudo find /home ...", "sudo cp -r /home/user/.config/gcloud ...") and curl|bash installers that modify the host environment, so it directs the agent to perform privileged changes to the machine it runs on.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:15 AM