cloud-aksk-exploit

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]:
    • Provides command templates for multiple cloud CLI providers (aws, tccli, aliyun) for unauthorized manipulation of the target cloud environment.
    • Contains specific procedures for establishing persistence by creating administrative backdoor users and secondary access keys.
    • Outlines methods for unauthorized privilege escalation by creating unrestricted policies and attaching them (e.g., AdministratorAccess) to user identities.
  • [DATA_EXFILTRATION]:
    • Details procedures for listing and downloading sensitive content from cloud storage buckets such as AWS S3 and Tencent COS.
    • Instructs on the extraction of sensitive secrets, including database passwords and API tokens, from the environment variables and configurations of cloud functions (Lambda/SCF).
  • [EXTERNAL_DOWNLOADS]:
    • Suggests the installation of external security tools such as enumerate-iam from the public PyPI registry.
    • Automates the download of serverless function source code from dynamically generated URLs returned by the cloud management API (for example, the presigned code-download URL that the Lambda GetFunction call returns).
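As an added detection example (editor's code, not part of the audited tool or of this audit), the two behaviours most worth alerting on from the list above, expressed as checks over CloudTrail-shaped events: a newly created IAM user that receives an access key and AdministratorAccess within minutes, and one principal pulling configuration (environment variables) and code (presigned download URL) for several Lambda functions in a row. The event names and the AdministratorAccess policy ARN are the real AWS ones; the account id 123456789012, the principal, user and function names, the timestamps and the thresholds are constructed for the example.

```python
"""Detect the backdoor-user / admin-policy chain and bulk Lambda config+code
reads summarised in the audit above, over CloudTrail-shaped records.

Editor's example, not the audited tool's code. SAMPLE_EVENTS are constructed
test data; account id, principals, user and function names are fictitious.
"""
import json
from collections import defaultdict
from datetime import datetime

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
FUNCTION_READ_CALLS = {"GetFunction", "GetFunctionConfiguration"}


def _event(time, source, name, actor, **params):
    """Minimal CloudTrail-shaped record (constructed test data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::123456789012:user/{actor}"},
            "requestParameters": params}


IAM, LAMBDA = "iam.amazonaws.com", "lambda.amazonaws.com"
SAMPLE_EVENTS = [
    # Benign: an admin creates a read-only user and reads one function's config.
    _event("2026-04-22T09:30:00Z", IAM, "CreateUser", "alice", userName="bob"),
    _event("2026-04-22T09:30:30Z", IAM, "AttachUserPolicy", "alice", userName="bob",
           policyArn="arn:aws:iam::aws:policy/ReadOnlyAccess"),
    _event("2026-04-22T09:31:00Z", LAMBDA, "GetFunctionConfiguration", "alice", functionName="orders-api"),
    # Suspicious: a CI key mints a backdoor admin user, then harvests functions.
    _event("2026-04-22T10:00:00Z", IAM, "CreateUser", "ci-deploy", userName="svc-backup"),
    _event("2026-04-22T10:00:05Z", IAM, "CreateAccessKey", "ci-deploy", userName="svc-backup"),
    _event("2026-04-22T10:00:10Z", IAM, "AttachUserPolicy", "ci-deploy", userName="svc-backup",
           policyArn=ADMIN_POLICY_ARN),
    _event("2026-04-22T10:01:00Z", LAMBDA, "ListFunctions", "ci-deploy"),
    _event("2026-04-22T10:01:05Z", LAMBDA, "GetFunction", "ci-deploy", functionName="orders-api"),
    _event("2026-04-22T10:01:06Z", LAMBDA, "GetFunctionConfiguration", "ci-deploy", functionName="orders-api"),
    _event("2026-04-22T10:01:10Z", LAMBDA, "GetFunction", "ci-deploy", functionName="billing-worker"),
    _event("2026-04-22T10:01:11Z", LAMBDA, "GetFunctionConfiguration", "ci-deploy", functionName="billing-worker"),
]


def _ts(event):
    """CloudTrail eventTime is ISO 8601 with a trailing Z; fromisoformat wants an offset."""
    return datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))


def backdoor_users(events, window_seconds=900):
    """Flag a CreateUser followed, by the same actor within the window, by an
    AttachUserPolicy of AdministratorAccess on that new user; also records whether
    an access key was minted for it (the persistence step)."""
    by_actor = defaultdict(list)
    for ev in sorted(events, key=_ts):
        by_actor[ev["userIdentity"]["arn"]].append(ev)
    findings = []
    for actor, evs in by_actor.items():
        for i, ev in enumerate(evs):
            if ev["eventName"] != "CreateUser":
                continue
            new_user, created_at = ev["requestParameters"].get("userName"), _ts(ev)
            admin_at, key_created = None, False
            for later in evs[i + 1:]:
                if (_ts(later) - created_at).total_seconds() > window_seconds:
                    break  # per-actor list is time-sorted, so nothing later qualifies
                if later["requestParameters"].get("userName") != new_user:
                    continue
                if later["eventName"] == "CreateAccessKey":
                    key_created = True
                elif (later["eventName"] == "AttachUserPolicy"
                      and later["requestParameters"].get("policyArn") == ADMIN_POLICY_ARN):
                    admin_at = _ts(later)
            if admin_at is not None:
                findings.append({"actor": actor, "backdoor_user": new_user,
                                 "access_key_created": key_created,
                                 "seconds_to_admin": int((admin_at - created_at).total_seconds())})
    return findings


def function_harvesting(events, min_functions=2):
    """Flag actors reading config (env vars) or code (presigned URL) for at least
    min_functions distinct Lambda functions."""
    seen = defaultdict(lambda: {"functions": set(), "code_download": False, "config_read": False})
    for ev in events:
        if ev["eventSource"] != LAMBDA or ev["eventName"] not in FUNCTION_READ_CALLS:
            continue
        rec = seen[ev["userIdentity"]["arn"]]
        rec["functions"].add(ev["requestParameters"].get("functionName"))
        rec["code_download" if ev["eventName"] == "GetFunction" else "config_read"] = True
    return {actor: {**rec, "functions": sorted(rec["functions"])}
            for actor, rec in seen.items() if len(rec["functions"]) >= min_functions}


def analyze(events):
    """Run both detectors; returns findings keyed by category."""
    return {"persistence": backdoor_users(events), "function_harvest": function_harvesting(events)}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EVENTS), indent=2))
```

The window and the distinct-function threshold are the tunables: legitimate onboarding also creates a user and attaches a policy, so the signal is AdministratorAccess specifically, plus an access key minted in the same burst. Tencent Cloud (CloudAudit) and Alibaba Cloud (ActionTrail) carry equivalent records for tccli and aliyun activity under their own event names, so only the structure of the checks, not the AWS identifiers, transfers.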
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:07 AM