aliyun-pentesting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs retrieving AccessKey/AccessKeySecret/SecurityToken from the ECS metadata and creating/using AccessKeys (then reconfiguring CLI or embedding them in commands), which requires handling and outputting secret values verbatim and thus poses direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive Alibaba Cloud penetration-testing playbook that provides step‑by‑step instructions to steal credentials (metadata/AccessKeys/Secrets), escalate privileges (RAM policy/PassRole/CreateAccessKey), execute remote commands (Cloud Assistant, VNC, RunCommand), exfiltrate data (OSS/RDS/SLS/KMS), implant persistent backdoors (modify FC functions, create privileged Pods, alter security groups/SLB backends) and otherwise hijack cloud resources—constituting deliberate malicious behavior and high-risk abuse patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and parsing untrusted third-party content—e.g., HTTP curl and aliyun OSS commands that list and download objects from public bucket URLs (https://BUCKET_NAME.oss-.../ and the curl "...?list-type=2" check) and SLS/log retrieval—whose user-generated contents are read and used to drive subsequent actions like credential extraction and exploiting services.