cloud-penetration-testing
Conduct comprehensive security assessments of cloud infrastructure across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
51
41%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/cloud-penetration-testing/SKILL.mdSecurity
5 findings — 1 critical severity, 1 high severity, 3 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable instructions for credential theft, data exfiltration, privilege escalation and persistence (e.g., creating/adding service principals to Global Admin, creating backdoor access keys/users, exporting/storing "stolen" tokens, S3/gsutil/az keyvault data extraction, metadata service abuse, and use of IP-rotation/evasion tools like FireProx), indicating clear potential for deliberate malicious abuse.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples that extract, print, store, and pass secrets verbatim (e.g., $UnsecureSecret, Write-Output of password fields, CLI flags like --secret_access_key and --password <pass>), which require the agent to handle and output secret values directly.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., Phase 1 Reconnaissance with "python3 cloud_enum.py -k targetcompany" and curl calls to external endpoints, Phase 7/8 S3 and Lambda commands like "aws s3 sync s3://bucket-name" and "aws lambda get-function ... | jq '.Configuration.Environment'") explicitly fetches and ingests data from public third‑party sources (public web, S3 buckets, GitHub-hosted tools) which the agent would read and use to drive subsequent actions, exposing it to untrusted user-generated content that could inject instructions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 1.00). The skill's "Required Tools" includes commands that fetch and execute remote installers at setup time — notably "curl https://sdk.cloud.google.com | bash" (GCP SDK installer) and "curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && unzip awscliv2.zip && sudo ./aws/install" (AWS CLI installer) — which are runtime fetch-and-execute dependencies required by the skill.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running privileged local commands (sudo installs, sudo find/cp), using curl|bash, and accessing/writing local credential/context files—actions that alter or require elevated access to the host—so it pushes the agent to modify the machine state.
- Repository
- sickn33/antigravity-awesome-skills
- Commit
6a07b83
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.