relaying-ntlm-for-adcs-esc8

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill correctly identifies itself as a red-teaming tool for authorized penetration testing. No malicious patterns targeting the user or their local environment were detected during the analysis.
  • [COMMAND_EXECUTION]: The orchestration script (scripts/agent.py) uses the subprocess module to manage execution of external security tools such as Certipy and Impacket. These calls are implemented using argument lists rather than shell-interpreted strings, which is a secure coding practice that effectively prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and requirements refer to well-known and trusted security tools hosted on GitHub (e.g., fortra/impacket, ly4k/Certipy). These are established projects in the cybersecurity community, and their inclusion is appropriate for the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 06:49 PM
Security Audit — agent-trust-hub — relaying-ntlm-for-adcs-esc8