cloud-iam-deep
Warn
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed command-line instructions for using cloud provider CLIs and standard utilities to execute attack chains.\n
- Evidence: Provides commands for
aws iam,az role,gcloud auth, andkubectlto perform enumeration and privilege escalation.\n - Evidence: Lists specific commands for exploiting IAM privileges, such as
iam:CreateAccessKeyandiam:PassRolecombined withec2:RunInstances.\n- [DATA_EXFILTRATION]: Provides procedures for exploiting SSRF vulnerabilities to access sensitive cloud metadata services.\n - Evidence: Includes
curlcommands targeting169.254.169.254(AWS, Azure, and GCP IMDS endpoints) to extract temporary IAM credentials and tokens.\n - Evidence: Instructions for extracting Kubernetes ServiceAccount tokens (JWTs) from the API or internal pod environment.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection and includes instructions that mimic security verdict logic.\n
- Ingestion points: Cloud credentials and tokens sourced from external, untrusted data (git-leaks, JS bundles, APKs, or SSRF responses).\n
- Boundary markers: Absent; there are no instructions to validate or sanitize the content of extracted credentials before use in shell commands.\n
- Capability inventory: Extensive execution of subprocesses including
aws,az,gcloud,kubectl, andcurlacross multiple files/sections.\n - Sanitization: Absent; found data is interpolated directly into command arguments without escaping.\n
- Evidence: Includes a 'Severity scoring guidance' table that defines findings as 'Critical' or 'High', which could be used to influence automated security analyzers.
Audit Metadata