performing-purple-team-atomic-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and installs the public Atomic Red Team atomics from a raw GitHub URL (SKILL.md Step 1: https://raw.githubusercontent.com/redcanaryco/.../install-atomicredteam.ps1) and scripts/agent.py's load_atomics_inventory reads/parses those cloned atomic YAML files (e.g., C:\AtomicRedTeam\atomics), meaning untrusted third‑party test definitions are ingested and can directly drive executions, rule suggestions, and retest actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains an IEX (New-Object System.Net.WebClient).DownloadString call that downloads and executes remote PowerShell at runtime from https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1, which directly executes remote code and is used to install required atomics.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly directs running Atomic Red Team tests that require administrative/root access and perform actions like creating accounts, modifying services/registry and other persistent/system-level changes (with cleanup), so it instructs modifying and potentially compromising the host state.