windows-privilege-escalation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs harvesting and using plaintext credentials (e.g., reg query showing DefaultPassword, psexec/runas with -p/P@ssw0rd123, base64-decoded passwords) and includes examples that embed secrets verbatim into commands, so an agent following it would need to output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit, operational privilege-escalation playbook containing instructions for credential harvesting (SAM/SYSTEM, mimikatz), remote code execution and reverse shells (msfvenom, netcat, msiexec), service hijacking/unquoted-path exploits, token impersonation attacks (JuicyPotato/PrintSpoofer/RoguePotato), kernel exploits, AV/EDR evasion and obfuscation techniques—all of which are clear, deliberate malicious behaviors enabling unauthorized system compromise and backdoor persistence.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to perform privilege escalation techniques that modify system services, deploy and execute malicious binaries, dump credentials and bypass security controls—actions that change and compromise the host machine's state.