active-directory-acl-abuse
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
SUSPICIOUS. The skill is internally consistent with its stated purpose, but that purpose is to give an AI agent offensive AD exploitation capability. It enables credential theft, privilege escalation, persistence, and environment modification; combined with transitive loading of more attack skills and partially unverifiable tool provenance, this makes it a high-risk offensive security skill rather than benign admin guidance.
This module is not typical defensive or benign library code; it is an offense-oriented BloodHound/Neo4j query-and-workflow artifact designed to help operators discover and act on Active Directory privilege-escalation paths (including Domain Admin targeting and credential-abuse-enabling patterns). It contains no obvious obfuscation or stealthy payload implementation, but it is highly actionable for intrusion planning and therefore represents a high security risk if present in a software supply chain without clear defensive intent and controls.