Linux Privilege Escalation

Fail

Audited by Snyk on Feb 17, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Although several entries (GitHub PEASS‑ng, linux‑exploit‑suggester, GTFOBins) are well‑known legitimate tools/resources, the skill explicitly instructs fetching and executing remote .sh/.c files — and includes attacker‑hosted URLs (http://ATTACKER_IP/... and :8000/...) which are untrusted by design — so the overall set is high risk for malware distribution if followed.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is highly malicious: it provides detailed, actionable instructions for unauthorized Linux privilege escalation, remote code execution (reverse shells, backdoors), credential theft (reading/cracking /etc/shadow), and persistence techniques (SUID abuse, cron/NFS abuse), enabling system compromise and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs downloading and executing content from public, untrusted third‑party sources (e.g., curl/wget from GitHub such as https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh, references to GTFOBins and exploit-db, and wget of arbitrary attacker-hosted URLs), which the agent would fetch and run as part of its workflow and thus could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly provides step-by-step instructions to enumerate and exploit Linux privilege escalation vectors — including obtaining root, modifying system files (e.g., /etc/passwd, cron jobs, systemd files), creating SUID binaries and new users, and running kernel exploits or reverse shells — which directly instructs compromising the host system.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 08:01 AM