exploiting-constrained-delegation-abuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes examples that embed plaintext passwords and NTLM hashes directly in command-line invocations (e.g., 'Password123', 'ServicePass123', ':a1b2...') and instructs using them verbatim with tools like Impacket and Rubeus, which requires the LLM to handle and output secret values directly, creating exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly provides actionable offensive techniques and automation to impersonate privileged users via S4U2self/S4U2proxy, obtain service tickets, perform DCSync/secrets dumping and escalate to full domain compromise, i.e., deliberate credential theft and privilege escalation for malicious use.