cloud-iam-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs using and embedding real cloud credentials (AK/SK, SecretId/SecretKey, session tokens) in CLI commands and SDK code (e.g., credential.Credential('SecretId','SecretKey'), export/set token), which requires the LLM to handle and potentially output secret values verbatim, creating high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document explicitly provides step-by-step, provider-specific instructions to abuse cloud credentials for privilege escalation and persistence (create admin policies/users, generate AccessKeys, modify trust policies, use iam:PassRole with Lambda/SCF, assume roles, and search/exfiltrate secrets), i.e. clear guidance for credential theft, backdoor creation, and evading audit — a deliberately malicious/abusive playbook.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to fetch and read user-provided cloud data (e.g., S3/COS objects, Secrets Manager/Parameter Store values, Lambda/SCF code and other storage like "cos://..." shown in SKILL.md and references/aws-escalation.md and references/tencent-cam-escalation.md), which are untrusted third‑party content the agent is expected to interpret and use to drive privilege‑escalation actions.