skills/mukul975/anthropic-cybersecurity-skills/auditing-entra-id-with-aadinternals/Gen Agent Trust Hub
auditing-entra-id-with-aadinternals
Fail
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: CRITICAL
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The helper script scripts/agent.py uses subprocess.run to execute PowerShell commands constructed from user-supplied input via args.cmdlet and args.args. The script fails to sanitize these inputs, allowing an attacker to execute arbitrary shell commands on the host system.
- [EXTERNAL_DOWNLOADS]: The skill references and promotes the use of the AADInternals toolkit, specifically linking to aadinternals.com. This domain and its subpaths (e.g., /aadinternals/, /post/aadbackdoor/) have been flagged as malicious by automated reputation scanners.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and install third-party modules from the public PowerShell Gallery (Install-Module AADInternals), which introduces external dependency risks and potential supply chain vulnerabilities if the package is compromised.
- [COMMAND_EXECUTION]: The instructions explicitly guide users through the establishment of federation backdoors and the forgery of SAML tokens (Golden SAML). While intended for auditing, these high-risk operations can be used to achieve persistent, unauthorized administrative access to identity tenants.
Recommendations
- CRITICAL: 2 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 4 malicious URL(s) - DO NOT USE
Audit Metadata