performing-lateral-movement-with-wmiexec

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly includes and instructs use of plaintext passwords and NT hashes embedded verbatim in command examples (e.g., wmiexec.py domain.local/admin:'Password123' and -hashes :a1b2...), which requires the LLM to handle/output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High-risk: the content explicitly documents and implements WMI-based lateral movement, remote command execution (Impacket/CrackMapExec/WMIC/PowerShell), credential theft and harvesting (SAM hive dumps, Pass‑the‑Hash), mechanisms for fileless execution and WMI event‑subscription persistence (backdoor), and other dual‑use techniques that are readily usable for unauthorized compromise and data exfiltration in real environments.