aws-iam-privesc

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes and encourages insecure patterns such as passing AWS access keys/secret keys directly on the command line (e.g., "--access-key AKIA... --secret-key ...") and examples that would embed credentials in commands or outputs, which can cause an LLM to handle or emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicit offensive guidance enabling deliberate malicious activity—detailing concrete privilege-escalation attack chains (policy injection, PassRole abuse, AssumeRole), credential theft and exfiltration techniques (Lambda/EC2/ECS/Glue metadata access, curls to external webhooks, reverse shells, UserData/SSM commands), remote code execution and backdoor installation (Lambda code updates, UserData, Glue dev endpoints, CodeBuild/CloudFormation injection), supply‑chain attacks (ECR image/tag overwrite, CloudFormation/S3 template tampering), and obfuscation/use of encoded payloads (base64 UserData), all of which are clear, actionable instructions for compromising AWS environments.