skills/mukul975/anthropic-cybersecurity-skills/attacking-entra-id-with-roadtools/Gen Agent Trust Hub
attacking-entra-id-with-roadtools
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/agent.pyscript usessubprocess.runto execute theroadreconandroadtxbinaries. This is the primary function of the orchestrator script and does not use a shell, which minimizes command injection risks. - [EXTERNAL_DOWNLOADS]: The skill instructions include installing
roadreconandroadtxfrom the official Python Package Index (PyPI). These are well-known security industry tools. - [CREDENTIALS_UNSAFE]: The orchestration script handles sensitive identity materials, such as passwords and JWT tokens. While it accepts these via command-line arguments and reads them from a local file (
.roadtools_auth), this behavior is standard for identity assessment tooling and does not include hardcoded secrets.
Audit Metadata