Windows Privilege Escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs credential harvesting and lists "Credential Dump: Harvested passwords, hashes, or tokens" as a deliverable, which requires the agent to present secret values verbatim and therefore creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is explicitly a step-by-step malicious/practical attack guide: it contains instructions and commands for credential theft, reverse shells/backdoors, privilege escalation exploits, service/binpath/DLL hijacking, kernel exploits, and obfuscation techniques intended to gain and persistently abuse elevated access.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). It explicitly instructs the agent to perform Windows privilege escalation and exploitation activities (credential harvesting, service/kernel exploits, transferring exploit binaries, obtaining elevated shells and modifying services/configs), which directly change system state and grant high-privilege control over the host.