performing-active-directory-penetration-test

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext credentials and passwords directly in command examples (e.g., -p 'Password123', 'corp.local/domainadmin:DAPass@10.0.0.5'), which requires the LLM to handle and reproduce secret values verbatim—an insecure exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable tools, scripts, and step‑by‑step commands to discover, steal, and escalate credentials (Kerberoast, AS‑REP, DCSync, Mimikatz, Golden/Silver tickets), abuse ADCS and delegation (RBCD/ESC*), and establish persistence—clearly enabling domain compromise and deliberate malicious abuse when used outside authorized testing.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs privileged and state-changing operations (e.g., "sudo neo4j start", Mimikatz LSASS injection, creating an EVIL$ computer account, modifying AD/CA templates and ACLs) that modify the host or domain state and thus push the agent to compromise the machine it runs on.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 20, 2026, 01:31 PM
Issues: 3