performing-purple-team-exercise

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads the installation script for Atomic Red Team from the official Red Canary GitHub repository (https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1). Red Canary is a well-known security organization, and this download is required for the skill's primary function.
  • [REMOTE_CODE_EXECUTION]: Instructions in SKILL.md and api-reference.md suggest using the 'Invoke-Expression' (IEX) command on the result of a remote web request (IWR) to install testing tools. This pattern of piping remote content into a shell is documented neutrally as it targets a well-known service for a legitimate security testing purpose.
  • [COMMAND_EXECUTION]: The workflow involves executing various security testing commands (e.g., Invoke-AtomicTest, Mimikatz, PsExec) to simulate attacker TTPs such as LSASS memory access and scheduled task creation. These actions are intended for detection validation and are performed within the scope of a coordinated security exercise.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 16, 2026, 03:02 AM