Privilege Escalation
Attempts to gain elevated access or execute commands with higher permissions than intended.
Privilege escalation in skill files involves instructions or code that could lead the AI to suggest or execute commands with elevated system access. Examples include sudo usage, chmod with overly permissive modes (e.g. 777), access to sensitive paths like /etc/shadow or .ssh, or manipulation of setuid/setgid binaries.
When skill files contain such patterns inside code blocks, they train the model to propose dangerous commands in user workflows. A developer following AI-suggested steps could inadvertently expose credentials or compromise their system.
skillaudit detects privilege escalation patterns within code blocks: sudo, chmod with risky modes, references to shadow, passwd, .ssh, id_rsa, .env, .aws/credentials, and capability-related commands. Findings are linked to MITRE ATT&CK T1059 (Command and Scripting Interpreter) where relevant.
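The following sketch illustrates the code-block-scoped detection described above. It is an added example, not skillaudit's own code: the regular expressions, rule names, the risky_mode helper and the sample skill file are all assumptions made for illustration. It flags risky commands only inside fenced code blocks and ignores mentions in prose.

```python
import re

FENCE = "`" * 3  # code-fence marker, built this way so the sample nests cleanly

# Assumed patterns for illustration; not skillaudit's actual rule set.
SUDO = re.compile(r"(?<![\w./-])sudo\s")
CHMOD = re.compile(r"\bchmod\s+(?:-\w+\s+)*(\S+)")
SENSITIVE = re.compile(
    r"/etc/(?:shadow|passwd)\b|\.ssh\b|\bid_rsa\b|(?<!\w)\.env\b|\.aws/credentials")
CAPS = re.compile(r"\b(?:setcap|capsh)\b")

def risky_mode(mode):
    """True for world-writable or setuid/setgid modes, octal or symbolic."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        special = int(mode[0]) if len(mode) == 4 else 0
        return bool(int(mode[-1]) & 2 or special & 6)
    for clause in mode.split(","):
        m = re.fullmatch(r"([ugoa]*)([+=])([rwxXst]+)", clause)
        if m and ("s" in m[3] or ("w" in m[3] and set(m[1]) & {"o", "a"})):
            return True
    return False

def scan(text):
    """Return (line_no, rule, line) for risky commands inside fenced code blocks only."""
    findings, in_block = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(FENCE):
            in_block = not in_block          # entering or leaving a code block
        elif in_block:
            hits = {
                "sudo": SUDO.search(line),
                "chmod-risky-mode": any(risky_mode(m) for m in CHMOD.findall(line)),
                "sensitive-path": SENSITIVE.search(line),
                "capabilities": CAPS.search(line),
            }
            findings += [(no, rule, line) for rule, hit in hits.items() if hit]
    return findings

# Constructed sample skill file: line 1 is prose, lines 3-6 sit inside a code block.
SAMPLE = "\n".join([
    "Never use sudo unless the user asks.",
    FENCE + "bash",
    "sudo systemctl restart app",
    "chmod -R 777 /var/www",
    "chmod 644 README.md",
    "cat ~/.ssh/id_rsa",
    FENCE,
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The prose mention of sudo on line 1 and the chmod 644 command produce no findings, so a reviewer sees only the three commands that would actually raise privileges or expose credentials.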