skills/mukul975/anthropic-cybersecurity-skills/recovering-from-ransomware-attack/Gen Agent Trust Hub
recovering-from-ransomware-attack
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The SKILL.md file contains hardcoded passwords ('NewKrbtgt2026!Complex#1' and 'NewKrbtgt2026!Complex#2') within the Active Directory recovery procedure for the krbtgt account. Providing literal strings for sensitive account resets is a security risk as it encourages the use of predictable credentials in production environments.
- [COMMAND_EXECUTION]: The skill provides numerous high-privilege shell and PowerShell commands for system restoration, Active Directory modification (Set-ADAccountPassword, Import-Module ActiveDirectory), and infrastructure reconfiguration (wbadmin, dcdiag, Start-VBRInstantRecovery). These commands require administrative access and modify core system state.
- [SAFE]: The skill references documentation and standards from well-known organizations including CISA, NIST, and Microsoft, and uses them for legitimate guidance without malicious external downloads.
Recommendations
- AI detected serious security threats