attacking-oauth-with-device-code-phishing
Audited by Socket on Jun 22, 2026
2 alerts found:
Malwarex2This skill is not a normal admin or developer integration; it is an offensive phishing/token-theft capability for AI agents. Its purpose, data flows, and credential handling are coherent with attack operations but make it high risk and inappropriate for general agent deployment. Treat as suspicious/high-risk offensive security content rather than benign documentation.
High-risk instructional content for OAuth device-code/consent phishing and refresh-token abuse against Microsoft Entra ID, including guidance that enables authenticated access to Graph/Outlook/Teams/ARM and potential mailbox/tenant enumeration via offensive tooling. While the snippet contains no executable code, its explicit phishing framing and end-to-end token acquisition/persistence/data-access workflow make it strongly suspicious for malicious or abusive supply-chain intent.