Windows Privilege Escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs harvesting and embedding plaintext credentials and passwords into commands and examples (e.g., reg query showing DefaultPassword, netsh wlan show profile key=clear, psexec -p P@ssw0rd123, base64-decoded passwords), so the LLM would need to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a comprehensive, actionable Windows post-exploitation and privilege-escalation guide (credential harvesting, reverse shells, service/kernel exploits, token impersonation, persistence, and AV-evasion) that clearly enables malicious compromise and misuse.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to perform Windows privilege escalation techniques that modify system files and services, deploy and execute payloads, dump credentials, and change system configuration — all actions that directly compromise and change the host machine's state.