active-directory

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation instructions in metadata.json involve downloading content from an untrusted GitHub repository (majiayu000/claude-skill-registry) using curl.
  • [COMMAND_EXECUTION]: The skill requires the windows-command-line tool to execute high-privilege PowerShell commands such as Get-ADUser, Unlock-ADAccount, and Get-ADComputer. These commands interact directly with sensitive directory services.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8).
    • Ingestion points: Data enters the agent context through the output of PowerShell cmdlets (Get-ADUser, Get-ADGroupMember, Get-ADOrganizationalUnit) and ADSI searchers defined in SKILL.md.
    • Boundary markers: None identified; the agent processes raw command output without delimiters to distinguish data from instructions.
    • Capability inventory: The skill uses the windows-command-line tool, allowing for arbitrary command execution on the host system.
    • Sanitization: No evidence of output sanitization or validation of AD object attributes (e.g., 'Description' or 'DisplayName' fields) which could be used by an attacker to inject instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 08:26 AM