hunt-sharepoint

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly walks through capturing and reusing sensitive tokens (FormDigest/X-RequestDigest, FedAuth cookies) and includes SOAP Login payload templates with username/password fields, which would require an agent to insert and output secret values verbatim into subsequent requests/commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This is an explicit offensive playbook: it provides step-by-step instructions for anonymous credential brute-force (Authentication.asmx), obtaining FormDigests and exploiting ToolPane/ViewState for unauthenticated RCE, dumping machineKey/AD topology via NTLM Type-2 challenges, deploying web shells and stealing tokens — all enabling unauthorized access, persistence, and lateral movement.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.72). The skill’s runtime workflow is an on-prem SharePoint probing methodology that instructs the agent to fetch arbitrary target URLs/pages (e.g., /_layouts/15/ToolPane.aspx, /_vti_bin/Authentication.asmx, /_api/contextinfo) and parse their HTML/JSON responses, which are outsider-authored free text from the target system and can contain attacker-controlled content that becomes LLM context (indirect prompt injection risk).

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Jun 13, 2026, 04:06 PM
  • Issues: 3