Cloud Penetration Testing
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill repeatedly shows commands and examples that embed, export, or convert secrets verbatim (e.g., --secret_access_key, --password, SecureString->plaintext, stolen token JSON import/export, FireProx args), so an LLM following it would be forced to handle and output secret values directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is high-risk and clearly malicious in practical terms because it provides step-by-step, actionable techniques to steal credentials and secrets, exfiltrate data, create backdoor service principals/keys, perform remote code execution on VMs/functions, and establish persistent unauthorized access across Azure, AWS, and GCP.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill instructs operators to fetch and ingest arbitrary third-party/user-generated content (e.g., aws s3 sync s3://bucket-name ./local-dir, gcloud source repos clone , gsutil cp gs://bucket/file ./local, and aws lambda get-function to read environment/config) from public cloud storage/repos and service endpoints, which are untrusted sources that the agent would read/interpret as part of the workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill contains explicit privileged operations (e.g., "sudo ./aws/install", "sudo find /home ...", "sudo cp -r ...") and instructions to access/copy local credential files and install system-level tools, which direct the agent to perform actions that require elevation and modify the host state.
Audit Metadata