windows-privilege-escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains literal secrets and explicit examples that embed credentials verbatim in commands (e.g., "DefaultPassword: P@ssw0rd123", psexec -u ... -p P@ssw0rd123, base64-decoding of a password, netsh key=clear and runas usages), so an LLM following it would be required to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides highly actionable, step‑by‑step techniques for credential harvesting, remote code execution (reverse shells), privilege escalation (service hijacking, token impersonation, kernel exploits), and AV/EDR evasion—meaning it can be directly abused for unauthorized system compromise.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to perform privilege escalation, modify service binaries and system files, run exploit binaries, and harvest credentials—actions that directly alter and compromise the host system.