exploiting-aws-with-pacu

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py file uses subprocess.run to call the pacu command-line utility. It passes parameters such as session names, module names, and arguments directly from the command line to execute AWS exploitation and enumeration modules.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install the Pacu framework from the Rhino Security Labs GitHub repository (github.com/RhinoSecurityLabs/pacu). This is an established security research organization, and the download is part of the intended setup for the tool.
  • [CREDENTIALS_UNSAFE]: The driver script scripts/agent.py accesses the Pacu session database located at ~/.local/share/pacu/sqlite.db or ~/.pacu/sqlite.db. This database is sensitive as it stores the results of cloud enumeration, including IAM details and identified privilege escalation paths.
  • [DATA_EXFILTRATION]: The skill explicitly documents the use of exfiltration-focused modules, such as s3__download_bucket, which is used to download objects from S3 buckets as part of a security assessment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 02:09 PM
Security Audit — agent-trust-hub — exploiting-aws-with-pacu