performing-purple-team-exercise
Warn
Audited by Snyk on Apr 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs fetching and executing Atomic Red Team installer/scripts from raw.githubusercontent.com (and references public GitHub/MITRE Caldera endpoints) as part of the required Step 3 workflow, meaning publicly-hosted, untrusted third-party content is ingested and executed and can directly influence tool behavior and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime PowerShell command that downloads and immediately executes remote code from https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1 (IEX (IWR ...)), which is a required dependency to install/execute Atomic Red Team tests and thus directly executes remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly directs running adversary-emulation actions (e.g., installing/running Atomic Red Team, Mimikatz LSASS dumps, creating scheduled tasks/services, registry persistence, shadow-copy deletion, PsExec) which perform privileged, state-changing operations on target hosts and thus would compromise the machine the agent runs on.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.