performing-active-directory-forest-trust-attack

Fail

Audited by Socket on Mar 15, 2026

2 alerts found:

Security, Obfuscated File

Security: MEDIUM
SKILL.md

SUSPICIOUS: the dependency provenance is mostly consistent and there is no obvious credential-harvesting or third-party exfiltration path, but the skill’s core function is to give an AI agent offensive Active Directory trust-audit/attack capability against real domain infrastructure. This makes it high security risk even without clear malware indicators.

Confidence: 90%, Severity: 84%

Obfuscated File: HIGH
references/api-reference.md

This code is a dual-use AD auditing/offensive tool that enumerates forest trusts and resolves cross-forest SIDs via LDAP and LSAT MSRPC calls. It does not present obvious signs of hidden backdoors or obfuscation in the provided fragment, but it performs powerful, sensitive operations that can be abused to facilitate lateral movement and privilege escalation. Treat as high-risk for inclusion in general-purpose dependencies: restrict usage to controlled environments, avoid passing plaintext credentials via CLI, and ensure output reports are stored/transmitted securely. Consider additional safeguards (credential prompting, ephemeral credentials, strict logging controls, and code review) before deployment.

Confidence: 98%

Audit Metadata

Analyzed At: Mar 15, 2026, 10:51 PM
Package URL: pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fperforming-active-directory-forest-trust-attack%2F@b4ac35cb9facb23e9c79b861264772f92d4eabc6