okta-attack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains many examples that embed passwords, sessionTokens and SSWS API tokens directly into curl payloads and Authorization headers, which requires the agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is a high-risk offensive playbook: it contains explicit, actionable instructions and tooling for user enumeration, credential stuffing/password-spraying, MFA abuse (push-fatigue/verification looping), OIDC redirect_uri and SAML misconfiguration exploitation, session-cookie/HAR replay and stealer-assisted session theft, post-compromise Okta admin API abuse, and references to phishing/AiTM kits—clear indicators of deliberate malicious attack and post-compromise behaviors (credential theft, unauthorized access, and session replay).