aws-pentesting
Audited by Socket on May 4, 2026
3 alerts found:
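Security x2, Malware
This skill is highly consistent with its stated purpose, but that purpose itself is to provide an AI agent with complete AWS attack-chain capability. Data flows to official AWS endpoints are largely consistent, with no obvious disguised third-party relaying; however, it requires handling high-privilege cloud credentials, reading metadata and caches, installing unofficial third-party security tools and handing credentials to those tools, and it also guides privilege escalation, persistence and data acquisition. Overall it should be judged a high-risk, abusable offensive security skill rather than an ordinary development-assistance skill.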
This fragment is an offensive AWS attack/enumeration playbook with actionable probing and credential/authorization abuse steps (including IMDS credential harvesting guidance and OIDC trust-policy exploitation patterns). While it does not demonstrate a malicious software dependency implementation, it is high-risk instructional material that could directly enable unauthorized access when incorporated into tools or reused by attackers.
This is not a benign library/module; it is an explicitly malicious operational guide for AWS persistence, including actions that create/maintain unauthorized access and inject attacker-controlled code into managed services. There is no dependency code to audit, but the provided material strongly indicates malicious intent. Do not use or distribute as-is; treat as high-risk content.