skills/mukul975/anthropic-cybersecurity-skills/performing-active-directory-vulnerability-assessment/Gen Agent Trust Hub
performing-active-directory-vulnerability-assessment
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Active Directory assessment tools from the official GitHub repository of Netwrix (PingCastle) and via a vendor-associated shortened link for BloodHound. These are established sources for the tools required.\n- [COMMAND_EXECUTION]: Instructs the agent to execute specific security assessment binaries and environment management commands (PowerShell, Docker). These actions are required for the skill's primary function of vulnerability management.\n- [CREDENTIALS_UNSAFE]: Provides a hardcoded example password ('P@ssw0rd') within a demonstration command in the instructions.\n- [PROMPT_INJECTION]: The skill contains metadata identifying 'mahipal' as the author, which differs from the provided vendor context and license holder 'mukul975'.\n- [PROMPT_INJECTION]: An indirect prompt injection surface is present in agent.py and process.py, which process data from external tool outputs.\n
- Ingestion points: PingCastle XML and BloodHound JSON reports.\n
- Boundary markers: None identified in processing scripts.\n
- Capability inventory: Scripts perform file reads, LDAP queries, and local file writes.\n
- Sanitization: No input validation or escaping is performed on the ingested tool data.
Audit Metadata