active-directory-attacks
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific instructions for running powerful penetration testing and exploitation tools, including Mimikatz, Impacket, Rubeus, and CrackMapExec, which are used to extract credentials and escalate privileges.
- [COMMAND_EXECUTION]: Includes automated exploitation steps for critical vulnerabilities such as ZeroLogon (CVE-2020-1472), PrintNightmare (CVE-2021-1675), and samAccountName Spoofing, including commands that load external malicious DLLs.
- [DATA_EXFILTRATION]: Facilitates the extraction of sensitive domain credentials via DCSync attacks (secretsdump.py and lsadump::dcsync), which allow an attacker with replication rights to retrieve password hashes for any user, including the Domain Administrator and krbtgt accounts, from a Domain Controller without touching NTDS.dit on disk.
- [EXTERNAL_DOWNLOADS]: The installation command in metadata.json fetches content from an untrusted GitHub repository (sickn33/antigravity-awesome-skills) using curl and stores it in the local environment; nothing pins the fetched content to a reviewed commit or checks its integrity before it is used.
- [COMMAND_EXECUTION]: Provides workflows for network-level attacks such as LLMNR/NBT-NS poisoning and NTLM relaying (using Responder and ntlmrelayx.py) to intercept NTLM authentication and relay it to other hosts.
- [COMMAND_EXECUTION]: Instructs the agent on bypassing system constraints, such as faking the system clock or using faketime, to keep forged or replayed tickets within the Kerberos clock-skew tolerance.
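The DCSync finding above describes the behaviour a defender can watch for: both secretsdump.py and lsadump::dcsync pull hashes through the directory replication service, which requires the replication extended rights on the domain object and therefore shows up as Windows Security event 4662 with a Control Access request. The following is an added example written for this audit page, not code from Gen Agent Trust Hub or from the audited skill; the JSON-per-line record layout, the sample events and the DC account list are constructed for the example, and real SIEM exports use other field names.

```python
import json
import re

# Extended-right GUIDs that directory replication (and so DCSync) requires.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
DS_CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS bit in the 4662 AccessMask
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample events (simplified JSON-per-line export, not a real log):
# a DC replicating as expected, a user account requesting the same rights
# (DCSync-like), and an unrelated 4662 against a user object.
SAMPLE_EVENTS = [
    '{"EventID": 4662, "SubjectUserName": "DC01$", "SubjectDomainName": "CORP", '
    '"ObjectType": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}", "AccessMask": "0x100", '
    '"Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}',
    '{"EventID": 4662, "SubjectUserName": "jsmith", "SubjectDomainName": "CORP", '
    '"ObjectType": "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}", "AccessMask": "0x100", '
    '"Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}',
    '{"EventID": 4662, "SubjectUserName": "jsmith", "SubjectDomainName": "CORP", '
    '"ObjectType": "%{bf967aba-0de6-11d0-a285-00aa003049e2}", "AccessMask": "0x20", '
    '"Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"}',
]


def replication_rights(properties):
    """Names of replication extended rights present in a 4662 Properties field."""
    return {REPLICATION_RIGHTS[g.lower()] for g in GUID_RE.findall(properties)
            if g.lower() in REPLICATION_RIGHTS}


def is_dcsync_candidate(event, dc_accounts):
    """True for a 4662 Control Access request carrying replication rights whose
    subject is not a known domain controller computer account."""
    if event.get("EventID") != 4662:
        return False
    try:
        mask = int(str(event.get("AccessMask", "0")), 16)
    except ValueError:
        return False
    if not mask & DS_CONTROL_ACCESS:
        return False
    if not replication_rights(event.get("Properties", "")):
        return False
    subject = event.get("SubjectUserName", "").upper()
    return subject not in {a.upper() for a in dc_accounts}


def find_dcsync(lines, dc_accounts=("DC01$",)):
    """Scan JSON-per-line 4662 records and return one alert per suspicious event."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed export line rather than abort the scan
        if is_dcsync_candidate(event, dc_accounts):
            alerts.append({
                "subject": event.get("SubjectDomainName", "") + "\\" + event.get("SubjectUserName", ""),
                "rights": sorted(replication_rights(event.get("Properties", ""))),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_dcsync(SAMPLE_EVENTS):
        print("possible DCSync:", alert["subject"], ", ".join(alert["rights"]))
```

Two caveats before relying on this: 4662 is only emitted for these rights if the domain object's SACL audits Control Access (the Directory Service Access audit subcategory), so confirm the event actually fires in a lab before deploying the rule; and the allowlist should name the specific DC computer accounts (plus any sync accounts that legitimately replicate), not every account ending in "$", because an attacker holding any machine account that has been granted replication rights would otherwise be suppressed.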
Recommendations
- AI detected serious security threats
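The EXTERNAL_DOWNLOADS finding is a supply-chain problem independent of what the skill does once installed: content pulled with curl from a branch of an arbitrary repository can change between the review and the install. The check below is an added example written for this page, not code from Gen Agent Trust Hub or from the skill's metadata.json. It accepts content only from an allowlisted owner/repo, only at a URL pinned to a full commit SHA rather than a movable branch or tag, and only when the SHA-256 of the fetched bytes matches a digest recorded when the content was reviewed. The repository name is taken from the audit; the commit SHA, file path, file content and allowlist entry are constructed placeholders, and the allowlist is meant to hold only repositories the operator has actually reviewed.

```python
import hashlib
import re
from urllib.parse import urlparse

RAW_HOST = "raw.githubusercontent.com"
COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")  # full commit SHA, never "main" or a tag

# Constructed placeholders: the repo name is from the audit, everything else is
# made up for this example (the real commit, path and content are unknown here).
ALLOWED_REPOS = {"sickn33/antigravity-awesome-skills"}
REVIEWED_CONTENT = b'{"name": "active-directory-attacks", "version": "1.0.0"}\n'
PINNED_URL = ("https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/"
              "0123456789abcdef0123456789abcdef01234567/active-directory-attacks/metadata.json")
BRANCH_URL = ("https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/"
              "main/active-directory-attacks/metadata.json")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_install_source(url, content, expected_sha256, allowed_repos=ALLOWED_REPOS):
    """Return (accepted, reason). Reject anything that is not an https raw GitHub
    URL, is not from an allowlisted owner/repo, is not pinned to a commit, or
    whose bytes do not hash to the digest recorded at review time."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc != RAW_HOST:
        return False, "not an https raw.githubusercontent.com URL"
    segments = parts.path.strip("/").split("/")
    if len(segments) < 4:
        return False, "URL does not name owner/repo/ref/path"
    owner, repo, ref = segments[0], segments[1], segments[2]
    if f"{owner}/{repo}" not in allowed_repos:
        return False, f"{owner}/{repo} is not an allowlisted repository"
    if not COMMIT_RE.match(ref):
        return False, f"ref {ref!r} is a branch or tag, not a pinned commit"
    if sha256_hex(content) != expected_sha256.lower():
        return False, "SHA-256 of fetched content does not match the reviewed digest"
    return True, "pinned commit and digest verified"


if __name__ == "__main__":
    digest = sha256_hex(REVIEWED_CONTENT)
    for label, url in (("pinned", PINNED_URL), ("branch", BRANCH_URL)):
        print(label, check_install_source(url, REVIEWED_CONTENT, digest))
```

The digest comparison comes last on purpose: a hash match on content fetched from an unpinned branch proves nothing about what the next install will receive, so the structural checks reject that case outright. Run the check on the bytes curl returned before they are written to the local environment, not after.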