The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill provides workflows for executing commands on remote domain systems using tools like psexec.py, wmiexec.py, and smbexec.py. These tools are designed to bypass standard security controls to run arbitrary code with administrative privileges.
[DATA_EXFILTRATION] (HIGH): Multiple instructions focus on the extraction of sensitive domain data. This includes DCSync attacks via secretsdump.py or Mimikatz to dump the entire krbtgt hash and user database, as well as Kerberoasting and AS-REP Roasting to exfiltrate hashes for offline cracking.
[REMOTE_CODE_EXECUTION] (HIGH): The skill includes explicit instructions for exploiting vulnerabilities such as PrintNightmare (CVE-2021-1675), which involves loading a malicious DLL from an external network share (\\attacker\share\evil.dll), representing a direct RCE vector.
[CREDENTIALS_UNSAFE] (HIGH): The skill is centered around the discovery and exploitation of domain credentials. It provides methods to forge Golden and Silver tickets, which allow an attacker to impersonate any user (including Domain Admins) indefinitely.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from Active Directory objects (users, groups, GPOs). There are no boundary markers or sanitization logic present to prevent malicious AD object names from influencing the execution of the tools listed (e.g., a username containing command injection characters).

Active Directory Attacks