Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
53
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Security
4 findings — 1 critical severity, 1 high severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Malicious code pattern detected (high risk: 1.00). This document contains explicit, actionable instructions for credential theft (metadata service, lambda env vars, key vault secrets), data exfiltration (S3/GS buckets, runbook/job outputs), creation of backdoor credentials and persistent access (service principals, new admin users, IAM access keys), and remote command execution (Invoke-AzVMRunCommand, VM SSH), representing high-risk malicious capabilities despite its "authorized use" framing.
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Insecure credential handling detected (high risk: 0.90). The skill contains multiple insecure patterns that require exposing or handling secrets verbatim (e.g., passing access_key/secret_access_key on the command line, converting SecureString to plaintext, importing/storing stolen tokens, creating access keys and printing secrets), so an agent following it would need to output or process secret values directly.
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite steps download and execute remote installers at runtime (e.g., https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip and https://sdk.cloud.google.com which is saved then run with bash), so these URLs fetch and execute remote code that the skill relies on.
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs privileged/local actions (sudo installs, sudo file copies) and active persistence/backdoor steps (creating service principals, adding admin roles, creating users and access keys) that modify system and cloud state and enable compromise, so it must be flagged.
5e71bba
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.