skills/mukul975/anthropic-cybersecurity-skills/abusing-shadow-credentials-for-privesc/Gen Agent Trust Hub
abusing-shadow-credentials-for-privesc
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The orchestration script
scripts/agent.pyexecutes external security tools includingcertipyandpywhisker. These executions are performed usingsubprocess.runwith arguments passed as a list, which effectively mitigates the risk of shell injection attacks. - [EXTERNAL_DOWNLOADS]: The skill provides instructions and references for downloading industry-standard security tools from public repositories, including
ShutdownRepo/pywhisker,dirkjanm/PKINITtools, and thecertipy-adpackage. These resources are utilized for their intended purpose within the context of red-teaming and authorized security testing.
Audit Metadata