performing-kerberoasting-attack
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's workflow culminates in extracting and offline-cracking account credentials and then instructs validating those cracked plaintext credentials against the domain, which inherently requires the agent to handle and potentially emit secret values verbatim (e.g., embedding passwords in authentication commands), creating a high exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is explicit offensive tooling and documentation: it enumerates SPN accounts, requests Kerberos TGS tickets, extracts crackable $krb5tgs$ hashes for offline cracking, and provides post‑exploitation use of cracked credentials (crackmapexec, dcsync, secretsdump) plus OPSEC tips for evasion—constituting deliberate credential theft and facilitation of Active Directory privilege escalation.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
E006
CRITICAL: Malicious code pattern detected in skill scripts.
Audit Metadata