ad-security-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill guide instructs on the execution of multiple external PowerShell scripts (audit_privileged_groups.ps1, review_delegation.ps1) and Node.js scripts. These are executed with Domain Administrator privileges, creating a massive blast radius if the scripts are malicious or manipulated.
  • [PROMPT_INJECTION] (HIGH): The skill has a significant Indirect Prompt Injection surface (Category 8). It ingests untrusted data from Active Directory attributes and system audit logs. Malicious actors could populate AD fields or trigger specific log entries to manipulate the AI agent's analysis or subsequent actions.
    • Ingestion points: Active Directory objects, Windows Event Logs, Azure Audit Logs.
    • Boundary markers: None detected; scripts process raw data from AD modules.
    • Capability inventory: File system write (fs.writeFileSync), network operations (Invoke-RestMethod), and administrative PowerShell command execution.
    • Sanitization: None documented; the guide does not mention escaping or validating the content of AD attributes before processing.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill requires Azure AD App Registration secrets (Client Secret, Tenant ID). While the guide uses placeholders, the design pattern involves passing these secrets into scripts, which increases the risk of credential exposure in logs or process environments.
  • [DATA_EXFILTRATION] (MEDIUM): The PowerShell examples include logic to send audit results to external endpoints via Invoke-RestMethod. This represents a potential exfiltration vector for sensitive organizational data if the endpoint is misconfigured or targeted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:46 PM