ai-infrastructure-attack
Fail
Audited by Socket on Apr 22, 2026
2 alerts found:
Alert 1 of 2: Malware (severity HIGH) in references/ai-exploit-details.md
This is not benign dependency code; it is an offensive exploitation/payload guide targeting Jupyter/JupyterHub, MLflow, Ray, and Kubeflow. It includes explicit RCE and reverse-shell payloads (Jupyter Kernel execute, Ray job entrypoints, MLflow __reduce__ leading to os.system), and clear credential/secret discovery and disclosure (reading secrets/configs/notebooks, environment variables, K8s SA tokens, cloud metadata). High probability of malicious behavior and extremely high security risk if included in a software supply chain.
Confidence: 85%, Severity: 95%
Alert 2 of 2: Malware (severity HIGH) in SKILL.md
This skill is an offensive security exploitation manual aimed at AI agents; it directly teaches unauthorized access, RCE, credential reading, sensitive-information extraction and system-prompt theft. There is no obvious third-party installer or supply-chain disguise, but the skill's actual purpose closely matches attack behaviour, and overall it should be judged a high-risk, abusable skill.
Confidence: 97%, Severity: 96%