pt-lotl-techniques
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructions include using native system binaries and scripting engines such as PowerShell, mshta, python3, and perl to execute arbitrary code and commands.\n- [COMMAND_EXECUTION]: Describes techniques for lateral movement and privilege escalation, including PsExec, WMI remote execution, and sudo abuse.\n- [COMMAND_EXECUTION]: Details persistence mechanisms such as modifying crontab, systemd units, registry run keys, and scheduled tasks.\n- [DATA_EXFILTRATION]: Outlines methods for data staging and exfiltration using built-in utilities like certutil, bitsadmin, curl, wget, and netcat.\n- [CREDENTIALS_UNSAFE]: Instructs the agent to access memory-resident credentials and search configuration files for sensitive data.\n- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection by ingesting external engagement context and target lists.\n
- Ingestion points: Engagement context and target list inputs.\n
- Boundary markers: Absent.\n
- Capability inventory: Full shell command execution (PowerShell, bash), persistence mechanisms (registry, crontab), and network capabilities (curl, nc).\n
- Sanitization: Absent.
Audit Metadata