AWS Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill provides instructions for using 'aws ssm send-command' to execute arbitrary shell scripts on remote EC2 instances.
  • CREDENTIALS_UNSAFE (HIGH): Detailed workflows guide the user to extract temporary security credentials from the EC2 Instance Metadata Service (IMDSv1/v2) and to obtain permanent IAM access keys through identity enumeration and privilege escalation.
  • DATA_EXFILTRATION (HIGH): Includes techniques for synchronizing entire S3 buckets to local storage ('aws s3 sync') and mounting EBS volume snapshots on attacker-controlled instances to steal filesystem data.
  • EXTERNAL_DOWNLOADS (MEDIUM): Recommends downloading and executing scripts from multiple third-party GitHub repositories, such as RhinoSecurityLabs/pacu and NetSPI/aws_consoler, which are not included in the trusted organizations list.
  • REMOTE_CODE_EXECUTION (HIGH): Guides the user on updating AWS Lambda function code to inject malicious logic for administrative privilege escalation.
  • PERSISTENCE (HIGH): Provides commands to delete or modify AWS CloudTrail trails, a high-severity action intended to blind security monitoring and maintain undetected access.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:38 PM