performing-active-directory-bloodhound-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext credentials (e.g., "--ldappassword Password123" and "admin / bloodhound") and shows embedding credentials/tokens into command lines, which requires the LLM to handle/output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most URLs are official BloodHound/SharpHound GitHub repos, docs and MITRE references (low risk), but the skill instructs downloading and executing offensive binaries (including AMSI-bypass snippets) and uses an opaque short URL (ghst.ly) to pipe remote content into docker—behaviors that pose a high risk because they fetch/execute remote code and obscure the payload source.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit offensive Active Directory post-exploitation instructions (Kerberoasting, DCSync, PetitPotam, ACL abuse), an AMSI bypass snippet that deliberately evades detection, and references to in-memory/C2 execution and exfiltration workflows — all clear patterns that can be intentionally abused for malicious compromise and data theft.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime command that fetches and pipes remote content into Docker (curl -L https://ghst.ly/getbhce | docker compose -f
• up), which downloads and executes external code, so https://ghst.ly/getbhce is a risky runtime dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.95). The skill includes explicit AMSI bypass code, privileged commands (e.g., "sudo neo4j start"), and instructions to run SharpHound/collectors and in-memory tooling—actions that bypass security controls and require/encourage elevated privileges, so it does push the agent to compromise host state.