cloud-aksk-exploit

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to use leaked cloud Access Key/Secret/SessionToken values and shows or asks for them to be embedded directly into commands and environment exports, which requires the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is an explicit malicious playbook for exploiting leaked cloud API credentials—detailing data exfiltration (S3/COS downloads), remote code execution/instance takeover (SSM, CVM/EC2 actions), credential theft and persistence (creating users and access keys), and privilege escalation (attaching admin policies, PassRole/AssumeRole)—and therefore deliberately enables unauthorized compromise and backdoor implantation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill's required workflow (SKILL.md and references/aws-exploit.md / references/tencent-exploit.md) instructs the agent to fetch and read untrusted user-generated content from public cloud storage and functions (e.g., S3/COS buckets via aws s3 cp, coscli cp, Lambda Code.Location piped to curl, and similar commands), which the agent would interpret to drive further exploit actions.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 10:08 AM
Issues: 3