SSH Penetration Testing
Fail
Audited by Snyk on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains numerous examples that embed secrets verbatim (literal passwords in code, an SSH public key string added to authorized_keys, curl commands to fetch id_rsa, and commands that print username:password), so an LLM following it would be instructed to handle and output secret values directly.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). These URLs point to exposed private SSH keys and an SSH key archive served over plain HTTP (plus a localhost port typically used for forwarded services), which is highly suspicious because they represent credential leakage or a distribution vector for sensitive/compromising material that could enable unauthorized access or malicious activity.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill content is high-risk: it contains explicit, actionable instructions for SSH credential brute-forcing and enumeration, key theft checks, tunneling/pivoting, reverse shell callbacks, and instructions to add persistent authorized_keys entries—techniques that enable unauthorized access, backdoors, and post-exploitation compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and inspecting arbitrary public web URLs (e.g., "curl -s http://target.com/.ssh/id_rsa" and similar curl/wget checks), meaning the agent would retrieve and interpret untrusted third‑party web content as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, actionable instructions to modify system files and persist access (for example appending to /etc/proxychains.conf and adding keys to ~/.ssh/authorized_keys), perform post‑exploitation and reverse shells, and run brute‑force/exploit workflows that can change the machine's state and require elevated privileges.
Audit Metadata