active-directory-attacks
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a large number of command-line examples for executing powerful security tools such as Mimikatz, Rubeus, Impacket, and BloodHound. These instructions allow for system-level manipulation and network-wide exploitation.
- [DATA_EXFILTRATION]: Contains detailed procedures for extracting sensitive authentication material, including NTLM hashes, Kerberos tickets (Golden/Silver tickets), and service account passwords. While the instructions focus on local extraction to files like 'hashes.txt' or 'tgs.txt' for testing, they represent a significant exposure of sensitive domain credentials.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its interaction with external data.
- Ingestion points: Active Directory object attributes (users, groups, GPOs) enumerated through tools like BloodHound, PowerView, and certipy (SKILL.md, references/advanced-attacks.md).
- Boundary markers: No delimiters or safety instructions are used to prevent the agent from obeying malicious instructions that might be embedded in Active Directory data fields.
- Capability inventory: Extensive system and network capabilities including subprocess execution of security tools, network exploitation (Kerberoasting, DCSync), and local file creation (SKILL.md).
- Sanitization: No methods are described for sanitizing or validating data retrieved from the AD environment before it is used by the agent or presented to the user.
Audit Metadata