gcp-exploit

This artifact is highly likely malicious in intent: it provides an actionable intrusion playbook for stealing GCP/Kubernetes credentials (via GCP metadata/Workload Identity and Kubernetes RBAC/Secrets), escalating privileges in-cluster, and pivoting to sensitive GCP services (GCS, Secret Manager, IAM). While it is not executable dependency code, distributing it as part of a software package represents a serious supply-chain security risk because it can directly enable credential theft and lateral movement when executed in the targeted environment.

This fragment functions as a weaponized offensive playbook for GCP IAM privilege escalation: it instructs how to enumerate privileged service accounts, mint/obtain usable credentials (including persistent service account keys and access tokens), sign JWT/blobs to derive auth tokens, deploy attacker-controlled workloads under elevated identities (Cloud Functions/Cloud Run/VM/Deployment Manager/Cloud Build), weaken org-level security controls via policy resets, and exfiltrate harvested credentials to an external attacker endpoint. While it is not a typical runtime code module, its inclusion in any software supply-chain artifact should be treated as a high-risk malicious/abusive inclusion.

MALICIOUS。该技能的声明目的就是对GCP环境实施攻击，且内容包含凭据窃取、权限提升、数据导出、持久化以及向attacker.com外传token的明确示例。官方Google CLI的存在不能抵消其整体攻击性与外传行为；第三方攻防工具进一步扩大风险。