oss-bucket-exploit

High-risk offensive security skill. The install source for coscli appears official, so supply-chain trust is not the main issue; the main issue is that the skill explicitly equips an AI agent to exploit cloud bucket misconfigurations, alter access controls, take over buckets, download data, and upload malicious content. Coherent with its stated purpose, but dangerous and unsuitable for general agent deployment.

This fragment is a highly malicious cloud object-storage intrusion playbook. It describes end-to-end attack steps: unauthenticated discovery, ACL/policy privilege escalation to FULL_CONTROL/public access, sensitive-file harvesting, arbitrary file upload (including webshell-style payloads), and potential bucket namespace takeover. While it is not executable code in the usual sense, embedding such guidance in a supply-chain package would be a serious compromise indicator because it directly enables unauthorized access, data theft, and persistence.