cloud-penetration-testing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains multiple commands and examples that embed or extract credentials verbatim (e.g., --secret_access_key, --password, converting SecureString to plaintext, importing/exporting stolen token files), which would require an agent to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is an explicit offensive cloud pentesting playbook containing deliberate techniques for credential theft (metadata and environment extraction, token harvesting), data exfiltration (s3/gsutil/az sync and runbook/job exports), remote code execution and backdoors (Invoke-AzVMRunCommand, creating Owner service principals, creating access keys and new admin users), and persistence mechanisms — i.e., it provides step-by-step methods aimed at compromising and maintaining access to cloud environments and thus has high malicious misuse potential.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites fetch and execute remote installers at runtime (curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" then run the installer, and curl https://sdk.cloud.google.com saved to google-cloud-sdk-install.sh then bash it), which are required dependencies that execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes multiple instructions that require elevated/local privileges (e.g., sudo ./aws/install, sudo find/cp of /home, system-wide installs and copying other users' configs) and thus directs changing the host system state and accessing local credential files, so it should be flagged.