exploiting-kerberoasting-with-impacket

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXPOSURE_EXFILTRATION]: The skill focuses on extracting Kerberos TGS (Ticket Granting Service) hashes from Active Directory service accounts. These hashes are sensitive authentication material that can be cracked offline. Evidence is in SKILL.md (Step 2: Request TGS Tickets) and in the run_getuserspns function of scripts/agent.py.
  • [UNVERIFIABLE_DEPENDENCIES_RCE]: The skill requires the installation of the impacket library from external package registries. It uses the subprocess module in scripts/agent.py to execute command-line tools like GetUserSPNs.py and hashcat with parameters provided during runtime.
  • [METADATA_POISONING]: There is an inconsistency in the author metadata; SKILL.md attributes the work to 'mahipal', while the license and system configuration refer to 'mukul975'.
  • [INDIRECT_PROMPT_INJECTION]: The scripts/process.py tool ingests Windows Event Logs (Event ID 4769) to detect attacks. Maliciously crafted data within these logs could potentially influence the agent's interpretation of the system state.
      • Ingestion points: scripts/process.py (line 62) via the parse_event_log method.
      • Boundary markers: No delimiters or safety instructions are used when processing the ingested log data.
      • Capability inventory: The skill includes the ability to execute system commands and perform network operations via wrapped tools in scripts/agent.py.
      • Sanitization: The log parsing logic lacks validation or sanitization of the values extracted from the EventData fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 10:50 PM