Skills
skills/wgpsec/aboutsecurity/aws-pentesting/Snyk

aws-pentesting

Fail

Audited by Snyk on May 4, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains multiple instructions and example commands that embed real-looking credentials (AKIA/ASIA placeholders, --secret-key, inline passwords like 'P@ssw0rd123!') and direct the agent to pass API keys/secrets as command-line arguments, which requires including secret values verbatim and is high-risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These are legitimate AWS service endpoints (CloudFront, API Gateway, Lambda URLs and the EC2 metadata IMDS) that are not inherently downloads but can be abused to host or serve malicious payloads and—critically—the 169.254.169.254 IMDS endpoints can be used to steal credentials, so following instructions to fetch/execute content from them is high risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is a comprehensive, actionable offensive playbook for AWS that explicitly instructs how to obtain credentials, perform privilege escalation, create persistent backdoors across many services (IAM, Lambda, EC2, SSM, CloudFormation, SNS/SQS, ECR, etc.), exfiltrate data to attacker-controlled endpoints, and evade detection—indicating clear, deliberate malicious intent and high abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs fetching and interpreting content from untrusted public sources—e.g., anonymous S3 access and downloads (aws s3 cp --no-sign-request), HTTP requests to Lambda Function URLs and CloudFront origins (curl https://{id}.lambda-url...), public ECR/AMI/snapshot inspection and other OSINT endpoints—whose contents are used to decide next attack phases, so third‑party content can materially influence behavior.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 4, 2026, 08:15 AM
Issues
4
Security Audit — snyk — aws-pentesting