attacking-oauth-with-device-code-phishing
Fail
Audited by Snyk on Jun 22, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This prompt explicitly instructs capturing access_tokens/refresh_tokens and client_secrets and embedding them verbatim into subsequent commands and scripts (curl, roadtx, TokenTactics), which requires the LLM to output secret values directly and creates a high exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Although many links are legitimate Microsoft, standards, and reference pages, the list also includes GitHub repositories (TokenTactics, ROADtools, AADInternals) and an attacker callback used to host/execute offensive tooling plus explicit instructions for device-code/consent phishing — making these sources high-risk for distributing malicious scripts and post‑exploitation tools.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is an explicit, operational playbook for OAuth device‑code phishing and illicit-consent attacks that instructs capture and reuse of access/refresh tokens to access Microsoft 365 resources and establish persistent tenant access—i.e., deliberate credential theft, token exfiltration, and backdoor/persistence techniques.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes live calls to the Entra ID endpoints (e.g. https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode and https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token) whose JSON responses (user_code, verification_uri, device_code, tokens) directly control the agent's prompts and flow at runtime — additionally the prerequisites instruct fetching/executing remote code from GitHub (https://github.com/rvrsh3ll/TokenTactics and https://github.com/dirkjanm/ROADtools) which are cloned/imported and thus execute code as part of setup/use.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata