coercing-authentication-with-coercer-petitpotam
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs the agent/user to pass plaintext credentials (e.g., -u and -p 'Passw0rd!') directly on command lines and to collect/use domain passwords and keys verbatim in commands and tools, which requires the LLM to handle/output secret values exactly and thus poses a high exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Yes — several URLs point to offensive-security tooling on GitHub (Coercer, PetitPotam, Impacket, Certipy) and internal AD CS endpoints (e.g., CA.CORP.LOCAL/certsrv) that are legitimate research tools but are commonly used to coerce authentication, perform NTLM relay/ESC8 chains, and could be used to distribute or enable malware/domain compromise (the Apache, MITRE, NIST, and TheHacker.Recipes links are benign documentation).
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates offensive techniques—RPC-based forced authentication (PetitPotam/Coercer) combined with NTLM relay (ESC8/LDAP relay) to obtain DC certificates, perform DCSync or RBCD, and thus enable full domain compromise—so it embodies deliberate malicious behavior despite an "authorized use" notice.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata