pt-lotl-techniques

Fail

Audited by Snyk on Apr 3, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs capturing full command lines and outputs and includes "credential access" and "checking config files for embedded secrets" as techniques, which would require the agent to read and record secret values verbatim in its evidence/report, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is a high-risk, dual‑use offensive playbook that explicitly documents and prescribes techniques for credential theft, lateral movement, persistence, remote code execution and data exfiltration using native OS tools, and thus can be readily repurposed to create backdoors or enable unauthorized compromise outside an authorized testing context.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs creating/modifying persistence mechanisms (services, systemd units, cron, registry run keys, SSH authorized_keys), using sudo abuse and lateral-movement techniques—actions that change system state and require/encourage privileged access.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 3, 2026, 05:16 PM
Issues: 3