exploiting-active-directory-certificate-services-esc1

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext credentials and placeholders in command examples (e.g., -p 'Password123', /password:) and instructs building commands that include those secrets, which requires the LLM to handle/output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions and tooling to forge certificates, perform PKINIT to request TGTs for high‑privileged accounts, and dump domain credentials—directly enabling deliberate credential theft and domain privilege escalation (malicious behavior) if used outside authorized testing.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the agent to perform credential-forging, PKINIT authentication, load forged TGTs into memory, and run privilege-escalation/credential-dumping tools (Rubeus, Mimikatz, secretsdump), activities that modify the host's security state and enable compromise.