linux-lateral-movement

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The playbook explicitly instructs harvesting secrets (cat /etc/shadow, dumping process envs, .netrc, etc.) and includes command examples that embed credentials on the command line (e.g., smbclient -U 'user%password', mount -o username=user,password=pass), which would force the model to handle or insert secret values verbatim when producing actionable commands or scripts.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The URL is an individual GitHub repository (nongiach/sudo_inject) that provides a post‑exploitation sudo token injection tool from an unvetted/unknown author, making it a likely source for privileged malware or abuse.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit adversary playbook — it describes and instructs credential theft (SSH keys, /etc/shadow, environment secrets), active lateral movement (SSH agent hijacking, tunneling, pivoting), persistence/backdoors (authorized_keys injection, systemd service reverse shells, SUID creation on shared mounts), sudo-ptrace session hijacking, D-Bus/polkit abuse, and techniques to connect to or route traffic to attacker-controlled endpoints — all clear, deliberate malicious behavior and backdoor techniques.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs actions that modify system state and create persistent backdoors—SSH agent hijacking, key harvesting and injection, ptrace sudo hijack, writable systemd unit creation, SUID binaries on shared mounts, and reading/modifying privileged files—so it directly pushes the agent to compromise the host.