recovering-from-ransomware-attack

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext passwords and PowerShell commands that set secrets verbatim (e.g., krbtgt resets with "NewKrbtgt2026!Complex#1"/"NewKrbtgt2026!Complex#2"), which requires the LLM to output or reproduce secret values directly.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the full prompt for literal, high-entropy values that would qualify as real, usable credentials. The only direct, non-placeholder password-like literals are:
      • "NewKrbtgt2026!Complex#1"
      • "NewKrbtgt2026!Complex#2"

These are assigned as krbtgt passwords via Set-ADAccountPassword in a PowerShell snippet. They are literal, reasonably complex strings (not placeholders or obviously-example labels) and thus meet the definition of a secret in this policy (high-entropy, actual password values that would grant access if used).

Items I ignored and why:

  • VLAN, IP addresses (10.99.0.0/24, 10.99.0.10-20, etc.) — not secrets.
  • Hostnames and service names (esxi01.recovery.local, DC01, backup paths, etc.) — not secrets.
  • The use of (New-Guid).Guid to generate passwords — runtime-generated, not a static leaked secret.
  • Commands, tool names, and other configuration values (wbadmin version timestamps, VLAN IDs) — documentation/config, not credentials.
  • No API keys, tokens, or private key blocks were present.

Because the two krbtgt password literals are direct password values embedded in the doc, they should be treated as hardcoded secrets.


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit privileged, state-changing instructions (DSRM restores, resetting krbtgt and admin passwords, promoting DCs, mounting backups, starting VM restores, configuring VLAN/firewall rules, installing updates) that would modify system files, accounts, and network state and therefore push an agent to perform actions requiring sudo/administrator privileges.

Issues (3)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
  • MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 06:47 PM
Issues: 3