Active Directory Attacks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides numerous commands for performing high-impact attacks such as DCSync, Pass-the-Hash, and Kerberos ticket forgery (Golden/Silver tickets). These commands facilitate full domain takeover and impersonation of any user.
- [REMOTE_CODE_EXECUTION] (HIGH): The workflow directs users to download and execute unverified, externally hosted Python exploit scripts for critical vulnerabilities such as ZeroLogon (CVE-2020-1472) and PrintNightmare (CVE-2021-1675). One component, secretsdump.py, was specifically flagged as malicious by automated scanners.
- [DATA_EXFILTRATION] (HIGH): The skill is designed for the systematic extraction of sensitive domain data, including password hashes, Kerberos tickets, and user enumeration metadata, which are output to local files for further exploitation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on several third-party toolsets (Impacket, BloodHound, Rubeus, CrackMapExec) that must be obtained from external repositories, increasing the risk of supply chain compromise.
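A defender reviewing a skill like this will want to know what the DCSync named in the first finding looks like from the domain controller's side. The following Python is an example added here; it is not part of the audited skill or of the audit. It flags DCSync-style replication requests in Windows Security event 4662 records: a Control Access check (mask 0x100) on the domain object that names one of the replication extended-rights GUIDs, from a principal that is neither a domain controller machine account nor an allowlisted sync identity. The `key="value"` export format, the sample events and the MSOL_ account name are constructed for the example.

```python
import re

# Extended rights a replication partner must hold; DCSync requests exactly these.
REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS bit in the 4662 Access Mask

# Assumption: non-DC identities allowed to replicate in this environment, such as
# Azure AD Connect's MSOL_* account. The name below is made up for the example.
ALLOWLIST = {"MSOL_f3a1c9e2"}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Parse one key="value" export line (constructed format) into a dict."""
    return dict(FIELD_RE.findall(line))


def dcsync_rights(event, allowlist=ALLOWLIST):
    """Return the replication rights a DCSync-like 4662 event requested, or []."""
    if event.get("EventID") != "4662":
        return []
    try:
        mask = int(event.get("AccessMask", "0"), 16)
    except ValueError:
        return []
    if not mask & CONTROL_ACCESS:
        return []  # not a control-access check, so not a replication request
    props = event.get("Properties", "").lower()
    rights = [name for guid, name in REPLICATION_GUIDS.items() if guid in props]
    if not rights:
        return []
    user = event.get("SubjectUserName", "")
    if user.endswith("$") or user in allowlist:
        return []  # a domain controller or an allowlisted sync account: expected
    return rights


def find_dcsync(lines, allowlist=ALLOWLIST):
    """Scan export lines; return (user, object, rights) for each suspected DCSync."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        rights = dcsync_rights(ev, allowlist)
        if rights:
            hits.append((ev["SubjectUserName"], ev.get("ObjectName", ""), rights))
    return hits


# Constructed sample export; not real telemetry. Event 4 carries a placeholder
# non-replication property GUID so that the GUID check, not the mask, rejects it.
SAMPLE_EVENTS = [
    'EventID="4662" SubjectUserName="DC01$" AccessMask="0x100" ObjectName="DC=corp,DC=example" '
    'Properties="{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"',
    'EventID="4662" SubjectUserName="MSOL_f3a1c9e2" AccessMask="0x100" ObjectName="DC=corp,DC=example" '
    'Properties="{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"',
    'EventID="4662" SubjectUserName="jdoe" AccessMask="0x100" ObjectName="DC=corp,DC=example" '
    'Properties="{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"',
    'EventID="4662" SubjectUserName="jdoe" AccessMask="0x20" ObjectName="CN=jdoe,OU=Users,DC=corp,DC=example" '
    'Properties="{00000000-0000-0000-0000-000000000000}"',
    'EventID="4624" SubjectUserName="jdoe" LogonType="3"',
]

if __name__ == "__main__":
    for user, obj, rights in find_dcsync(SAMPLE_EVENTS):
        print(f"DCSync suspected: {user} on {obj} requested {', '.join(rights)}")
```

Only the third sample trips the check: the first is a domain controller replicating normally, the second is the allowlisted sync account, the fourth is a write on a user object with no replication right, and the fifth is not a 4662 at all. Keep the allowlist short and reviewed; a compromised sync account requesting Get-Changes-All is exactly what this rule would otherwise catch.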
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL - DO NOT USE
Audit Metadata