concourse-tactics
Fail
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: HIGHDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides explicit instructions and templates for exfiltrating sensitive data, including AWS credentials and SSH keys, to external attacker-controlled servers as demonstrated in section 4.3 of the attack techniques reference.
- [REMOTE_CODE_EXECUTION]: It details procedures for tampering with CI/CD jobs to inject malicious tasks, enabling arbitrary code execution on build workers.
- [COMMAND_EXECUTION]: Instructions are provided for escaping containerized environments and establishing persistent access through the creation of 'backdoor pipelines'.
Recommendations
- AI detected serious security threats
Audit Metadata