cloud-iam-deep
Fail
Audited by Snyk on May 24, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding discovered credentials into commands and CLI args or exports (e.g., export AWS_ACCESS_KEY_ID="AKIA...", az login -p , setting TOKEN=... then using it in curl), which requires the agent to include secret values verbatim in generated output and thus poses an exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is a deliberate offensive playbook: it provides step-by-step credential-theft and exfiltration techniques (IMDS/metadata/SSRF, leaked SA JSON, K8s SA tokens), explicit privilege-escalation and remote-execution paths (CreateAccessKey, AttachPolicy, PassRole, UpdateFunctionCode, RunInstances, RunCommand), and references to tooling/frameworks for automation — all of which enable unauthorized access, persistence, and data theft.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs enumerating and reading open public third-party sources (e.g., "When to use" references public S3/GCS/Azure-blob and leaked repos) and includes commands that read those sources (e.g., aws s3 ls, gcloud storage buckets list, parsing /tmp/roles.json), so the agent would ingest untrusted, user-generated content whose contents can materially guide follow-on actions.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata