relaying-ntlm-for-adcs-esc8
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly identifies itself as a red-teaming tool for authorized penetration testing. No malicious patterns targeting the user or their local environment were detected during the analysis.
- [COMMAND_EXECUTION]: The orchestration script (
scripts/agent.py) uses thesubprocessmodule to manage execution of external security tools such as Certipy and Impacket. These calls are implemented using argument lists rather than shell-interpreted strings, which is a secure coding practice that effectively prevents command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill's documentation and requirements refer to well-known and trusted security tools hosted on GitHub (e.g.,
fortra/impacket,ly4k/Certipy). These are established projects in the cybersecurity community, and their inclusion is appropriate for the skill's stated purpose.
Audit Metadata