auditing-entra-id-with-aadinternals
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These are mostly legitimate Microsoft endpoints, documentation, and GitHub/project pages for AADInternals and related tooling (dual‑use offensive PowerShell/Python code) — not typical obfuscated/malicious download-hosting sites, but they do host scripts/modules that can be used to perform high-impact attacks if downloaded and executed without authorization.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill package explicitly documents and automates offensive Entra ID techniques—unauthenticated recon and user enumeration, access-token acquisition and caching, exporting AD FS token‑signing certificates, converting domains into federation backdoors, and forging SAML tokens (Golden SAML)—which are deliberate tools for credential theft, data/token exfiltration, persistent impersonation and remote access if used outside authorized testing.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text is fetched from public Microsoft endpoints at runtime (e.g.,
getuserrealm.srfand/.well-known/openid-configuration), then parsed/printed as readable JSON/prose and thus fed into the agent context via the script’s output.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata