performing-physical-intrusion-assessment

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — the first URL is a direct PowerShell stager (.ps1) served from a "c2" subdomain (typical command-and-control naming) and is a high‑risk executable download; the MITRE ATT&CK link is benign documentation but does not mitigate the danger of the .ps1 URL.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for unauthorized physical intrusion and remote compromise (tailgating, badge/RFID cloning, lock bypassing, dumpster diving) and includes clear backdoor/exfiltration mechanics (LAN Turtle reverse-SSH to c2.redteam.com, WiFi Pineapple evil‑twin capture, USB Rubber Ducky PowerShell stager downloading from https://c2.redteam.com/stager.ps1), which enable credential theft, remote code execution, persistent implants and data exfiltration and are therefore high-risk and easily abuseable.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit, actionable instructions and code to deploy rogue devices and payloads (e.g., LAN Turtle reverse-SSH, USB Rubber Ducky PowerShell stager, badge cloning and device configuration) that instruct executing remote code and establishing backdoors—i.e., modifying a machine's state and enabling compromise.