windows-privilege-escalation
Audited by Socket on Apr 9, 2026
3 alerts found:
Malware (x3)

This module is an attacker-oriented, highly actionable Windows privilege-escalation and credential-theft runbook. It provides a decision tree to select token impersonation (“Potato” family) techniques based on OS and privilege/service conditions, includes ready-to-run payload execution steps to obtain SYSTEM, and contains explicit credential harvesting instructions (SAM/NTDS extraction) plus high-impact driver-load abuse guidance. As distributed in a software supply chain, it would represent a severe security risk and strong indicators of malicious intent/attack enablement.
This fragment is an explicit offensive UAC bypass/privesc guide that instructs how to execute attacker payloads in elevated context using registry hijacking of auto-elevate mechanisms, scheduled task/environment abuse, DLL/path trust tricks, and cmstp.exe INF execution with a remote payload reference. Treat it as a critical malicious supply-chain risk; it should not be used or shipped as part of any legitimate dependency.
SUSPICIOUS/HIGH-RISK skill. Its footprint is fully aligned with offensive compromise activities rather than benign administration: it teaches an AI agent to escalate privileges, dump credentials, alter services/tasks, and chain into further attack skills. Even where some tools are legitimate projects, the overall purpose and data flows are incompatible with safe general-use agent skills.