CtrlK
BlogDocsLog inGet started
Tessl Logo

cloud-penetration-testing

This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfiguratio...

Install with Tessl CLI

npx tessl i github:sickn33/antigravity-awesome-skills --skill cloud-penetration-testing
What are skills?

84

1.20x

Quality

68%

Does it follow best practices?

Impact

96%

1.20x

Average score across 6 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/cloud-penetration-testing/SKILL.md
SKILL.md
Review
Evals

Evaluation results

100%

7%

AWS Infrastructure Discovery Script Set

AWS multi-region enumeration scripts

Criteria
Without context
With context

regions.txt file

100%

100%

Region list completeness

100%

100%

while-read iteration

100%

100%

EC2 public IP discovery

100%

100%

ELBv2 load balancer coverage

100%

100%

Classic ELB coverage

100%

100%

RDS endpoint discovery

100%

100%

CloudFormation outputs

100%

100%

In-place deduplication

100%

100%

jq -r plain-text output

0%

100%

Append mode

100%

100%

Without context: $0.4921 · 2m 26s · 28 turns · 34 in / 6,835 out tokens

With context: $0.7231 · 2m 14s · 30 turns · 5,292 in / 6,547 out tokens

93%

5%

ScoutSuite Multi-Account Findings Extractor

ScoutSuite output parsing

Criteria
Without context
With context

tail -n +2 prefix skip

80%

100%

Multi-directory iteration

100%

100%

Lambda env variable extraction

100%

100%

S3 world-listable finding

100%

100%

Account ID alongside S3 findings

100%

100%

EC2 user data extraction

100%

100%

Unencrypted EBS volumes

100%

100%

Unencrypted EBS snapshots

0%

0%

Separate output files

100%

100%

Append mode across accounts

60%

100%

Without context: $0.4485 · 2m 23s · 24 turns · 31 in / 7,142 out tokens

With context: $1.3513 · 5m 11s · 43 turns · 5,199 in / 15,909 out tokens

100%

22%

Multi-Cloud Penetration Test Engagement Package

Assessment planning and deliverables

Criteria
Without context
With context

Cloud Security Assessment Report deliverable

75%

100%

Resource Inventory deliverable

0%

100%

Credential Findings deliverable

0%

100%

Remediation Recommendations deliverable

87%

100%

ScoutSuite listed

100%

100%

Pacu listed

100%

100%

Azure AD tooling

100%

100%

Detection systems mentioned

100%

100%

Slow enumeration guidance

62%

100%

Written authorization requirement

100%

100%

Scope and rules of engagement

100%

100%

cloud_enum or ip2provider mentioned

100%

100%

Without context: $0.5804 · 3m 41s · 25 turns · 32 in / 9,785 out tokens

With context: $0.8827 · 4m 48s · 24 turns · 5,366 in / 13,149 out tokens

92%

22%

GCP Security Assessment Runbook

GCP enumeration and exploitation workflow

Criteria
Without context
With context

Service account key auth

100%

100%

Organization/project enumeration

0%

100%

IAM policy enumeration

100%

100%

Enabled services listing

0%

100%

Source repository enumeration

0%

100%

Compute instance enumeration

100%

100%

Storage enumeration with gsutil

100%

100%

SQL instance enumeration

100%

100%

Kubernetes cluster credentials

100%

100%

Metadata-Flavor header

100%

100%

Metadata service URL

100%

100%

Cloud Functions analysis

62%

100%

KMS decrypt command

0%

0%

Access scopes check

100%

100%

Without context: $0.4109 · 2m 43s · 13 turns · 20 in / 9,769 out tokens

With context: $0.7091 · 3m 35s · 22 turns · 5,361 in / 10,750 out tokens

100%

38%

Azure Serverless Infrastructure Intelligence Gathering

Azure Automation runbook and Function App enumeration

Criteria
Without context
With context

Get-AzSubscription iteration

100%

100%

Select-AzSubscription per iteration

100%

100%

Per-subscription output directory

25%

100%

Get-AzAutomationAccount usage

100%

100%

Get-AzAutomationRunbook usage

100%

100%

Export-AzAutomationRunbook

75%

100%

Get-AzFunctionApp usage

0%

100%

ApplicationSettings extraction

33%

100%

SiteConfig or config extraction

100%

100%

IdentityUserAssignedIdentity extraction

12%

100%

Automation job output collection

0%

100%

Without context: $0.4038 · 2m 33s · 11 turns · 16 in / 9,482 out tokens

With context: $0.5769 · 2m 41s · 18 turns · 320 in / 8,065 out tokens

96%

2%

AWS Cloud Workload Secrets Assessment

AWS IMDSv2, Lambda secrets, and RDS snapshot exposure

Criteria
Without context
With context

IMDSv2 PUT token request

100%

100%

IMDSv2 TTL header

100%

100%

TOKEN variable usage

100%

100%

IMDSv2 token auth on metadata request

100%

100%

IAM credentials metadata path

100%

100%

Lambda list-functions

100%

100%

Lambda get-function with jq env extraction

50%

66%

RDS snapshot-type manual filter

100%

100%

RDS describe-db-snapshot-attributes

100%

100%

AttributeValues all check

100%

100%

IMDSv1 not sole method

100%

100%

Without context: $0.2523 · 1m 42s · 12 turns · 15 in / 5,287 out tokens

With context: $0.5363 · 2m 24s · 16 turns · 5,358 in / 7,584 out tokens

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

AWS Infrastructure Discovery Script SetScoutSuite Multi-Account Findings ExtractorMulti-Cloud Penetration Test Engagement PackageGCP Security Assessment RunbookAzure Serverless Infrastructure Intelligence GatheringAWS Cloud Workload Secrets Assessment

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill