detecting-kerberoasting-attacks
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides forensic analysis tools intended for threat hunting. The primary functionality involves parsing local Windows Event Log (EVTX) files and searching for known patterns of Kerberoasting (e.g., RC4 encryption types in TGS requests).
- [SAFE]: No network operations were detected in the Python scripts. The scripts `scripts/agent.py` and `scripts/process.py` only perform local file I/O for reading logs and writing reports.
- [SAFE]: The Python dependencies identified (`python-evtx` and `lxml`) are legitimate libraries commonly used for forensic XML and event log parsing.
- [SAFE]: The skill instructions and metadata are consistent with its stated purpose, with no evidence of prompt injection or deceptive content.
- [SAFE]: Indirect prompt injection risks are low; while the skill processes external log data, it does not use that data to drive agent actions or perform sensitive network/command operations.
Audit Metadata