aws-penetration-testing
Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.
81
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/antigravity-aws-penetration-testing/SKILL.mdSecurity
5 findings — 2 critical severity, 1 high severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E005: Suspicious download URL detected in skill instructions
What this means
Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.
Why it was flagged
Suspicious download URL detected (high risk: 0.90). These URLs are high-risk: they include AWS metadata endpoints used to steal/temp credentials (SSRF), generic S3 endpoints and public bucket indexes that can host arbitrary/malicious payloads, and offensive GitHub tools (Pacu, aws_consoler, enumerate-iam) which, although legitimate, are dual-use and can be used to download/execute malicious actions in unauthorized contexts.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for credential theft (IMDS SSRF, env vars, secrets), privilege escalation (create-access-key, attach policies, PassRole), backdooring and remote code execution (updating Lambda code, building/pushing backdoored container images), data exfiltration (S3 sync, EBS snapshot extraction), and anti-forensic behavior (disabling CloudTrail, user-agent evasion), which together indicate intentional malicious abuse and persistence techniques.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding and outputting AWS credentials, tokens, and secrets verbatim in commands and environment variables (e.g., aws configure, export AWS_ACCESS_KEY_ID=..., --access-key/--secret-key, metadata curl responses), forcing the LLM to handle secrets directly and creating high exfiltration risk.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and ingesting untrusted third-party content — e.g., accessing instance metadata via SSRF (http://169.254.169.254/latest/meta-data/), downloading code and tools from public URLs/GitHub (git clone https://github.com/...), and enumerating public S3 buckets (https://buckets.grayhatwarfare.com/ and s3 URLs) — and then directs using that retrieved data (credentials, code, URLs) to drive subsequent actions, so untrusted content can materially influence behavior.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, actionable commands to change system state and gain/abuse privileges (create access keys, attach admin policies, update Lambda code, disable CloudTrail, run sudo mount and SSM commands), enabling compromise and persistence on machines and cloud resources.
- Repository
- boisenoise/skills-collections
- Commit
353f6a8
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.