hunting-for-ntlm-relay-attacks
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/agent.py` performs unsafe command execution by interpolating variables into PowerShell command strings.
  - Evidence: In the `check_smb_signing` function, the `host` variable is placed directly inside a single-quoted string: `f"try {{ $smb = Get-SmbServerConfiguration -CimSession '{host}' ..."`.
  - Impact: This allows for command injection if the `host` variable (sourced from user input or AD) contains a single quote followed by PowerShell commands (e.g., `dummy'; whoami; '`).
  - Evidence: A similar injection point exists when processing the `--hosts` argument: `f"'{','.join(hosts)}' -split ',' | ConvertTo-Json"`.
- [DATA_EXFILTRATION]: The skill accesses sensitive information from the Windows Security Event Log, which contains detailed authentication and logon metadata.
  - Evidence: The script executes `wevtutil qe Security` to query Event IDs 4624 and 5145.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted log data and using it in sensitive system commands without sanitization.
  - Ingestion points: Windows Security Event Logs parsed in `scripts/agent.py`.
  - Boundary markers: No delimiters or 'ignore' warnings are present to protect the shell command logic from malicious log content.
  - Capability inventory: The script can execute arbitrary PowerShell commands and query system logs via `subprocess.run`.
  - Sanitization: No escaping or validation is performed on log-derived data before it is interpolated into shell commands.
Recommendations
- AI detected serious security threats