tencent-pentesting

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the 'Cloud Exploitation Framework' (cf) via go install github.com/teamssix/cf@latest. This is a third-party tool hosted on an external GitHub repository not affiliated with the cloud provider or recognized trusted organizations.
  • [COMMAND_EXECUTION]: The instructions extensively use shell commands to manage cloud infrastructure and execute exploitation steps. The skill relies on the installation of tccli, coscmd, and kubectl to perform administrative and intrusive actions.
  • [DATA_EXFILTRATION]: The skill provides explicit procedures for downloading sensitive information from Tencent Cloud Object Storage (COS) and searching through Cloud Log Service (CLS) logs for credentials such as passwords, tokens, and API keys.
  • [REMOTE_CODE_EXECUTION]: It describes techniques for executing arbitrary code on target cloud instances (CVM) using the Tencent Cloud Automation Tools (TAT) via the RunCommand API, effectively enabling remote shell access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from external sources and has significant capabilities.
      • Ingestion points: The agent is instructed to read output from Cloud API calls (tccli), Instance Metadata service (metadata.tencentyun.com), and log search results from CLS.
      • Boundary markers: No boundary markers or instructions to ignore embedded commands within the fetched data are present.
      • Capability inventory: The skill utilizes shell execution, cloud API management tools, and Kubernetes cluster control via kubectl across all scripts.
      • Sanitization: No sanitization, escaping, or validation is performed on the data retrieved from external cloud services before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 08:15 AM