gcp-pentesting
Audited by Socket on May 4, 2026
3 alerts found:
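Security x2, Malware
Unlike credential-stealing malware, this skill does not route data to attacker domains, and it mainly uses official Google APIs and official tools; but its actual purpose is to give an AI agent GCP penetration, privilege-escalation and post-exploitation capabilities, and it explicitly instructs reading local credential files, using stolen tokens and establishing persistence. Overall it should be rated SUSPICIOUS: it is not a confirmed malicious payload, but as an AI agent skill it is a high-risk offensive security capability, with permissions and consequences clearly beyond ordinary development/operations scenarios.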
This fragment is an offensive GCP privilege-escalation and credential-theft playbook with explicit step-by-step commands and payload patterns (service account token/key acquisition, metadata injection, serverless/compute/K8s execution, and data export). While it is not executable dependency code, its operational specificity strongly indicates malicious intent and would be a serious supply-chain security concern if included in a distributed package or automated tooling.
This artifact is an explicit malicious GCP attack checklist that instructs attackers to exfiltrate sensitive data, steal/abuse credentials (including refresh tokens and service account keys), establish persistence via backdoors and scheduled/triggered mechanisms, and evade detection by manipulating audit/logging controls. If found in any packaged dependency or repository artifact, it should be treated as a critical security incident indicator.