by creshal 1717 days ago
Yes. That's why this isn't a "these are exploits" list, but a "this is where you need to be careful" list.

If configured properly, it's safe, but there are a number of gotchas, like indirect privilege escalation through improper $PAGER: https://gtfobins.github.io/gtfobins/apt/

1 comments

Exactly! GTFOBins is an educational tool, not an exploit list, in my opinion.
Hopefully, the "education" going on here is that whitelisting 'sudo' command lists is leaky as all hell, and that it is not to be relied on at all to keep a system safe from attack.