skills/mukul975/anthropic-cybersecurity-skills/conducting-pass-the-ticket-attack/Gen Agent Trust Hub
conducting-pass-the-ticket-attack
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates shell commands for ticket extraction and lateral movement using specialized security tools like Mimikatz and Rubeus. These are intended for authorized simulation activities.
- [DATA_EXFILTRATION]: The scripts read local Windows event logs and Kerberos ticket files for analysis purposes. No network exfiltration or unauthorized data access was detected.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in its processing of external data.
  1. Ingestion points: Windows security logs (agent.py) and .kirbi ticket files (process.py).
  2. Boundary markers: None identified in script outputs.
  3. Capability inventory: Generation of commands for remote execution (psexec, smbexec) and file system manipulation.
  4. Sanitization: Untrusted data from logs and tickets is extracted as raw strings and printed to the console without validation.