abusing-shadow-credentials-for-privesc

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The orchestration script scripts/agent.py executes external security tools including certipy and pywhisker. These executions are performed using subprocess.run with arguments passed as a list, which effectively mitigates the risk of shell injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions and references for downloading industry-standard security tools from public repositories, including ShutdownRepo/pywhisker, dirkjanm/PKINITtools, and the certipy-ad package. These resources are utilized for their intended purpose within the context of red-teaming and authorized security testing.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 05:40 PM
Security Audit — agent-trust-hub — abusing-shadow-credentials-for-privesc