aws-iam-policy-analysis

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill content is a high-risk offensive playbook: it documents explicit exploitation techniques and includes code/steps for data exfiltration (SNS → external webhook, S3 get_object, presigned-URL harvesting), credential theft (SSRF to IMDS, extracting X-Amz-Credential), direct remote invocation/abuse of privileged functions (lambda invoke with Principal:*), and IAM abuse (creating roles/users, sts:AssumeRole-based account enumeration and privilege escalation), i.e. deliberate malicious/abusive behaviors rather than mere defensive guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's Step 5 ("AWS service endpoint discovery") explicitly instructs fetching and scraping arbitrary target web pages (e.g., "curl -s TARGET_URL | grep -oE ...", "extract from JS/HTML"), so the agent would ingest untrusted third-party web content and use it to drive subsequent analysis and actions (e.g., discovering Lambda names/endpoints to invoke).

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 22, 2026, 10:07 AM
  • Issues: 2