aws-penetration-testing

Provide comprehensive techniques for penetration testing AWS cloud environments. Covers IAM enumeration, privilege escalation, SSRF to metadata endpoint, S3 bucket exploitation, Lambda code extraction, and persistence techniques for red team operations.

81

Quality: 77% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Critical (Do not install without reviewing)

Security

5 findings — 2 critical severity, 1 high severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E005: Suspicious download URL detected in skill instructions

What this means

Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.

Why it was flagged

Suspicious download URL detected (high risk: 0.80). These URLs are not links to a clearly malicious installer, but they include AWS metadata endpoints (SSRF/credential-exfiltration targets), public S3 endpoints and a grayhat bucket index plus offensive-security GitHub repos — legitimate for pentesting but readily abused to steal credentials or host/distribute malicious payloads, so they represent a substantial risk.

Critical

E006: Malicious code pattern detected in skill scripts

What this means

Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.

Why it was flagged

Malicious code pattern detected (high risk: 1.00). This content explicitly instructs how to steal credentials and secrets (SSRF to IMDS, container/env reads, Secrets Manager, STS/STS-derived tokens), exfiltrate data (S3 sync, EBS/NTDS extraction), escalate privileges and create persistent admin access (create-access-key, attach policies, CreateLoginProfile, PassRole/RunInstances), install backdoors and remote code execution (update Lambda code, build/push backdoored containers, Lambda/API Gateway backdoors), and evade detection (disable CloudTrail, user-agent obfuscation), i.e. it provides step‑by‑step malicious techniques for unauthorized access, persistence, and cover‑up.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 1.00). The prompt includes commands and examples that embed API keys, temporary credentials, and secrets verbatim (e.g., CLI args, export AWS_ACCESS_KEY_ID/SECRET, enumerate-iam --access-key/--secret-key), which requires the agent to handle and output secret values directly, creating an exfiltration risk.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 1.00). The skill's core workflow (SKILL.md) explicitly instructs fetching and inspecting untrusted third‑party content — e.g., git clone of public GitHub repos, using aws s3 sync / public bucket URLs (including https://buckets.grayhatwarfare.com), and aws lambda get-function plus wget to download Lambda code — and those retrieved files/outputs are read and used to drive escalation and follow-up actions, so untrusted content can materially influence agent behavior.

Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime installation and execution of external tooling (e.g., "git clone https://github.com/RhinoSecurityLabs/pacu"), which fetches and executes remote code and is listed as an essential dependency, so this URL represents a high-risk runtime external dependency.

Repository: sickn33/antigravity-awesome-skills
Audited: Security analysis, Snyk