azure-pentesting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs reading credentials/tokens from cache and embedding them into CLI commands and API requests (e.g., az login -u CLIENT_ID -p SECRET, passing refresh/access tokens to tools and curl requests), which requires handling and outputting secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a comprehensive offensive playbook that explicitly instructs how to perform unauthorized enumeration, steal credentials/tokens, execute remote code, implant persistent backdoors, and exfiltrate data—demonstrating clear malicious intent and practical abuse techniques.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and referenced docs) explicitly instructs the agent to fetch and parse open/public third‑party resources—e.g., https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration, anonymous Blob endpoints like https://.blob.core.windows.net/... , public Azure DevOps endpoints (https://dev.azure.com/...), GitHub repos, and Google dorks—and to use those responses to drive enumeration, phase decisions, and follow-up actions, so untrusted third‑party content can materially influence tool use.