skills/mukul975/anthropic-cybersecurity-skills/performing-active-directory-vulnerability-assessment/Snyk
performing-active-directory-vulnerability-assessment
Fail
Audited by Snyk on Apr 6, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit plaintext password in a command example (e.g., --password P@ssw0rd) and instructs running tools with credentials, which requires embedding secrets verbatim in commands/outputs and thus poses a direct exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes explicit runtime installation commands that fetch and execute remote code—for example "curl -L https://ghst.ly/getbhce -o docker-compose.yml" (followed by "docker compose up -d") and "Invoke-WebRequest -Uri 'https://github.com/netwrix/pingcastle/releases/latest/download/PingCastle.zip' ...; Expand-Archive ...; .\PingCastle.exe", so these URLs are fetched at runtime and lead to execution of externally-supplied code.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).