PowerShell Scripting for Security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes an explicit hardcoded plaintext password ("password123") and shows credentials stored in a hashtable, which encourages embedding secret values verbatim in outputs even though it advises using secure methods.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes examples that fetch and process arbitrary public web content (see Phase 9 "Network Operations" with Invoke-WebRequest -Uri "https://target.com", Invoke-RestMethod -Uri "https://api.target.com/users", Invoke-WebRequest -Uri $url -OutFile "downloaded.exe" and reading $response.Content), so the agent would ingest untrusted third-party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly targets red-team/security automation and instructs use of Administrator access (e.g., "Run PowerShell as Administrator", Set-ExecutionPolicy, Install-Module, downloading executables, accessing security logs and remote sessions), which encourages privileged actions that modify system state and can bypass protections.