vmware-vcenter-attack

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook: it provides step‑by‑step reconnaissance, pre‑auth RCE probes/PoCs, instructions to drop webshells/authorized_keys, guidance to harvest and reuse credentials and download datastore/VMDK data—actions that enable unauthorized remote code execution, persistence, and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow performs external HTTP(S) recon (e.g., curl -sk "https://$TARGET/ui/login", /sdk, /websso/SAML2/Metadata, /SAAS/..., /vco/api/about, etc.) and then uses the returned page/body text for parsing/versioning, so any attacker-controlled free text from the target (outsider-authored) can be ingested into the agent’s LLM context via the fetched response content.