attacking-entra-id-with-roadtools
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding credentials and tokens verbatim in CLI commands and to print/store tokens (e.g., -p 'Password123!', --refresh-token <refresh_token>, --prt , --tokens-stdout), which requires the LLM to handle or output secret values directly and is therefore high-risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This repository and the included agent wrap ROADrecon/roadtx — an offensive toolkit explicitly designed to enumerate Entra ID tenants, harvest and store directory data, acquire/steal/exchange access/refresh tokens and PRTs, register devices, and pivot tokens across resources — capabilities that directly enable credential theft, token exfiltration, and remote lateral access and therefore present a high risk of malicious abuse if used outside explicit authorization.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata