performing-credential-access-with-lazagne
Audited by Snyk on Apr 10, 2026
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs extracting credentials and demonstrates using recovered usernames/passwords directly in commands and outputs (e.g., crackmapexec -u ... -p 'recovered_pass' and smbclient with 'password'), which requires the LLM to handle and emit secret values verbatim, creating exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The URL is an official GitHub repository for LaZagne — a legitimate, widely-known open-source credential-extraction (post‑exploitation) tool hosted on GitHub (not a typosquat or obfuscated binary), but because it explicitly provides malware-like credential-harvesting functionality it represents a high misuse risk in unauthorized contexts.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable post‑exploitation guidance to harvest, prioritize, validate, and reuse credentials (including transferring payloads via C2, elevating to SYSTEM for LSA/DPAPI, planning exfiltration, and using recovered credentials for lateral movement and privilege escalation), which constitutes deliberate malicious/abusive behavior.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Phase 1 and the installation/CLI sections) explicitly instructs the agent to git clone https://github.com/AlessandroZ/LaZagne.git and download GitHub releases (public, user-generated content) and then run and parse LaZagne output to drive credential validation and lateral-movement actions, meaning untrusted third‑party content is fetched, executed, interpreted, and can materially influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime fetching and execution of remote code via "git clone https://github.com/AlessandroZ/LaZagne.git" (and subsequent running of laZagne.py / lazagne.exe), which directly executes external code and is required for the skill to function.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs deploying and running post‑exploitation tools (LaZagne, Mimikatz, SharpDPAPI, etc.), accessing privileged stores (LSA, SAM, shadow, DPAPI) and using SYSTEM/administrator privileges—actions that require privilege escalation and compromise the machine state.
Issues (6)
Insecure credential handling detected in skill instructions.
Suspicious download URL detected in skill instructions.
Malicious code pattern detected in skill scripts.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Attempt to modify system services in skill instructions.