skills/mukul975/anthropic-cybersecurity-skills/conducting-internal-reconnaissance-with-bloodhound-ce/Snyk
conducting-internal-reconnaissance-with-bloodhound-ce
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass plaintext passwords on the command line (e.g., bloodhound-python -u user -p 'Password123') and instructs reading initial admin passwords from logs, which requires handling/exposing secrets verbatim and is therefore insecure.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content explicitly instructs and supplies tooling to perform Active Directory reconnaissance, credential harvesting (SharpHound / bloodhound-python usage), and data exfiltration from compromised hosts to enable privilege escalation and lateral movement—high-risk offensive behavior despite a legal notice; the included scripts facilitate collection and Neo4j queries but contain no hidden backdoor or obfuscated payloads.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The workflow's Phase 1 deployment step explicitly runs curl -L https://ghst.ly/getbhce -o docker-compose.yml and then docker compose up -d, which fetches and executes an external/open-web docker-compose file (untrusted third-party content) as a required runtime step and therefore can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The deployment step uses a runtime curl to fetch and write a docker-compose file from https://ghst.ly/getbhce which is then executed via docker compose up, so this external URL directly supplies executable configuration/containers the skill relies on.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata