executing-active-directory-attack-simulation
Fail
Audited by Snyk on Apr 6, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs embedding plaintext credentials, hashes, and cracked passwords verbatim into commands and report outputs (e.g., :, -nthash , impacket-psexec with SVC-SQL:Summer2023!), which forces the LLM to handle secrets directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill is intentionally offensive: it contains explicit, actionable instructions, commands, and a runnable agent for credential theft (Mimikatz/LSASS dumps, DCSync), Kerberos abuse (Kerberoasting, AS‑REP roasting, Silver/Golden tickets), NTLM relay / pass‑the‑hash / remote execution, and BloodHound-guided privilege escalation — i.e., deliberate capabilities for stealing credentials, lateral movement, domain compromise and backdoor-style persistence/exfiltration.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
E006
CRITICAL: Malicious code pattern detected in skill scripts.