tencent-pentesting

Fail

Audited by Snyk on May 4, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill directly shows and instructs workflows that fetch secrets (metadata TmpSecretId/TmpSecretKey/Token, CreateAccessKey returns SecretId/SecretKey) and uses examples that place API credentials as CLI arguments/config values (e.g., coscmd -a SECRET_ID -s SECRET_KEY), which requires handling and embedding secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook that instructs credential theft (metadata/SSM/SCF), data exfiltration (COS downloads, CLS searches, KMS decrypt), privilege escalation and account takeover (CreateAccessKey, AttachUserPolicy, UpdateAssumeRolePolicy, PassRole), remote code execution and persistence (TAT RunCommand, scf UpdateFunctionCode, creating privileged Pods with hostPath), network manipulation for access (security group changes, CLB backend registration), and includes simple obfuscation (base64 payload examples) — i.e., clear, actionable malicious guidance for compromising and maintaining access to Tencent Cloud environments.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to fetch and interpret untrusted third-party content (e.g., curl to http://metadata.tencentyun.com, accessing cos.*.myqcloud.com public bucket URLs, and downloading SCF code via external CODE_DOWNLOAD_URL) and then use that data (credentials, code, logs) to drive subsequent actions, enabling indirect prompt-injection-like influence.

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 4, 2026, 08:16 AM
Issues: 3