deploying-active-directory-honeytokens

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates PowerShell scripts that interact with the Active Directory module to create users (New-ADUser), register SPNs (Set-ADUser), and modify ACLs (Set-Acl). These operations are necessary for deploying deception objects and require high-level administrative privileges, which is clearly documented in the skill's prerequisites.
  • [EXTERNAL_DOWNLOADS]: The documentation references established cybersecurity research and articles from well-known security domains (e.g., adsecurity.org, trimarcsecurity.com, specterops.io) to provide context and methodologies for the implemented deception techniques. These are informational references and do not involve the download of untrusted code.
  • [CREDENTIALS_UNSAFE]: The Python agent and generated scripts contain hardcoded passwords and a publicly known encryption key (GPP_AES_KEY_B64) associated with legacy Microsoft Group Policy Preferences. These are functional components of the honeytoken trap mechanisms and do not represent the exposure of real production secrets.
  • [SAFE]: The skill follows security best practices for its intended use case, including the generation of strong random passwords for service accounts and the use of SACL auditing (Event ID 4662/4769) to provide high-fidelity detection signals without introducing hidden malicious behaviors.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:03 PM