Windows Privilege Escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill explicitly instructs harvesting and embedding plaintext credentials and passwords into commands and examples (e.g., reg query showing DefaultPassword, netsh wlan show profile key=clear, psexec -p P@ssw0rd123, base64-decoded passwords), so the LLM would need to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable, step‑by‑step instructions for credential theft (SAM/SYSTEM dumps, mimikatz, registry scraping), remote code execution and backdoors (reverse shells, msfvenom, nc, sc config changes), privilege escalation (token impersonation, kernel exploits), and AV/EDR evasion, representing deliberate malicious and backdoor behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to perform Windows privilege escalation techniques that modify system files and services, deploy and execute payloads, dump credentials, and change system configuration — all actions that directly compromise and change the host machine's state.