vermillion-hunter
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The skill provides explicit "Attack Chain" instructions for T1574.002 (DLL Side-Loading) and T1546.015 (COM Hijacking). These techniques are specifically designed to allow an attacker to inherit elevated tokens and execute malicious code within the context of a trusted, signed process.
- Persistence Mechanisms (HIGH): Detailed instructions are provided for achieving persistence via COM Hijacking (T1546.015). This involves creating HKCU registry shadows to hijack elevated COM servers, allowing malicious code to survive reboots.
- External Dependencies (MEDIUM): The skill provides usage patterns for external scripts (
wfh.py,wfh_dridex.py) located on an untrusted GitHub repository (ConsciousHacker/WFH). Execution of these scripts via the provided command patterns constitutes a risk as their source code is not included in the analyzed skill. - Command Execution (MEDIUM): The skill includes specific command-line patterns for executing discovery and exploitation tasks, including a PowerShell script that copies signed Windows binaries to a local directory for analysis.
Recommendations
- AI detected serious security threats
Audit Metadata