executing-red-team-exercise
Audit result: Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content explicitly provides actionable instructions for building C2 infrastructure, implants, phishing/supply-chain/physical initial access, credential theft (LSASS dumping, Kerberoasting), persistence, defense-evasion (AMSI/ETW bypass, signed proxy execution), and data exfiltration — all of which enable real-world backdoors and malicious operations if used without strict authorization.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill programmatically downloads the public MITRE ATT&CK STIX bundle from https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json (see load_attack_techniques in scripts/agent.py and the API reference), and the agent directly parses that external JSON to select techniques and build operation plans that materially influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The agent's load_attack_techniques function fetches the MITRE ATT&CK STIX bundle at runtime from https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json and parses that data to build the operation plan (i.e., the external JSON directly shapes the agent's output/instructions), so this runtime URL is a required external dependency that controls the agent's behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs developing and deploying implants, persistence mechanisms, and security bypasses (AMSI/ETW patching, registry modifications, C2 deployment), which direct an agent to modify system state and circumvent protections.
Issues (4)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.