m365-entra-attack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs making auth requests with plaintext passwords, capturing successful username:password pairs and cookies, and logging/reporting validated credentials verbatim (e.g., "Valid M365 cred — :"), which requires the LLM/agent to handle and output secret values.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, operational instructions for credential-stuffing/credential-spray attacks, using stolen "stealer" dumps, automated validation of valid credentials (including capturing access tokens, cookies, and screenshots), user-enumeration techniques, and CA/MFA bypass/prioritization tactics — all clear steps for unauthorized account takeover and data access.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs bypassing security checks (ssl.CERT_NONE, Playwright --ignore-certificate-errors / ignore_https_errors) and recommends pip install --break-system-packages (which can alter system packages), so it pushes the agent to circumvent security mechanisms and modify the host environment.