Active Directory Attacks

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains many example commands and workflows that embed plaintext credentials, hashes, and tokens directly (e.g., user:password, -p 'Password123', -hashes :NTHASH, KRBTGT_HASH, HEXPASSWORD), which require the LLM to output secret values verbatim and thus creates exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is high-risk and malicious: it provides explicit, step-by-step commands and tooling to steal credentials (Mimikatz, DCSync), perform Kerberos and NTLM attacks (Kerberoasting, AS-REP, Golden/Silver tickets, NTLM relay), exploit CVEs, and achieve lateral movement, persistence, and full Active Directory compromise—enabling unauthorized system takeover.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime exploit command for PrintNightmare that references an external UNC path '\attacker\share\evil.dll', which is a required runtime external dependency used to host a malicious DLL that will be loaded/executed on the target.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running privileged commands that change host state (e.g., "sudo date -s", faketime, network-sniffing/responders requiring root) and guides persistent/privilege‑escalation actions, so it pushes the agent to modify the machine's state.