huawei-pentesting

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit commands and examples that embed API keys, AK/SK, passwords, and X-Auth-Token directly into command-line arguments, curl bodies/headers, and environment variables (e.g., obsutil config -i ACCESS_KEY_ID -k SECRET_ACCESS_KEY, export OS_PASSWORD=PASSWORD, curl -H "X-Auth-Token: $TOKEN"), which requires the LLM to handle or output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is explicit, step‑by‑step offensive guidance for compromising Huawei Cloud environments—covering credential theft (metadata/AK/SK/environment vars), privilege escalation (IAM/agency creation, role/group changes), persistence/backdoors (modifying FunctionGraph code, creating keys/DEKs), data exfiltration (OBS/RDS/LTS access and bulk download), and cluster/node takeover (kubeconfig, privileged pods, ELB backends)—and thus is clearly intended to enable malicious activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and interpret untrusted third-party content—e.g., querying public OBS buckets and downloading objects (Phase 1.5 and references/compute-storage-attacks.md), reading instance user_data and metadata via HTTP (169.254.169.254 in Phase 1.4 / references), and retrieving FunctionGraph code and environment variables via REST API (Phase 5 and references/platform-services-attacks.md)—and then uses that content to drive follow-on actions and privilege escalation, meeting the criteria for indirect prompt injection risk.