skills/mukul975/anthropic-cybersecurity-skills/performing-active-directory-bloodhound-analysis/Gen Agent Trust Hub
performing-active-directory-bloodhound-analysis
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: In
SKILL.md, the command `curl -L https://ghst.ly/getbhce | docker compose -f - up` downloads and executes a script from an external shortened URL.
- [COMMAND_EXECUTION]: In
SKILL.md, the skill provides a PowerShell command using string obfuscation ('Am' + 'siUtils') to disable the Antimalware Scan Interface (AMSI). - [CREDENTIALS_UNSAFE]: Example commands in
SKILL.mdfor SharpHound include cleartext passwords passed as CLI arguments. - [DATA_EXFILTRATION]: The skill guides the user to collect sensitive domain structure data and exfiltrate it as ZIP archives.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in
scripts/process.py, which ingests untrusted JSON data; it lacks boundary markers and sanitization while possessing file system write and delete capabilities.
Recommendations
- AI detected serious security threats
Audit Metadata