active-directory-certificate-services
Audited by Socket on Apr 9, 2026
2 alerts found:
Security x2
This fragment is not executable malware, but it is highly actionable offensive security guidance for exploiting AD CS ESC1–ESC13 paths (certificate abuse, CA/template configuration manipulation, and NTLM relay/coercion integration), with concrete commands and detection/remediation mappings. As a supply-chain artifact, its primary risk is enabling real-world intrusion and privilege escalation rather than containing in-code malicious behavior.
This skill is not covert malware, but it is a high-risk offensive security capability set fundamentally aimed at exploiting AD CS for privilege escalation, relay, persistence, and certificate forgery. Its purpose and behavior are internally consistent, yet that purpose is inherently dangerous for an AI agent, and the related-skill loading further expands offensive scope.