skills/mukul975/anthropic-cybersecurity-skills/conducting-internal-reconnaissance-with-bloodhound-ce/Gen Agent Trust Hub
conducting-internal-reconnaissance-with-bloodhound-ce
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The implementation steps in `SKILL.md` require the user to download a `docker-compose.yml` configuration file from an unverified URL shortener (https://ghst.ly/getbhce).
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to run the downloaded configuration file via `docker compose up -d`. This allows an untrusted third party to define and execute arbitrary containerized software on the host machine, including software with potential host file system access or network persistence.
- [COMMAND_EXECUTION]: The `scripts/agent.py` file uses `subprocess.run` to execute the `bloodhound-python` command-line utility. This pattern involves passing sensitive Active Directory credentials through system processes.
Recommendations
- HIGH: Downloads and executes remote code from: https://ghst.ly/getbhce - DO NOT USE without thorough review
- AI detected serious security threats