ad-domain-attack
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive command templates for tools such as Impacket, NetExec, BloodHound, and Kerbrute to perform domain enumeration and lateral movement.
- [CREDENTIALS_UNSAFE]: Instructions are included for accessing and dumping sensitive files and memory regions, specifically targeting SAM hives (sam.hiv), SYSTEM hives (sys.hiv), and LSASS memory dumps (lsass.dmp) for credential extraction.
- [DATA_EXFILTRATION]: Provides commands for extracting Active Directory secrets, including the NTDS.dit database and domain-wide NTLM hashes via DCSync, which are used for creating persistent access tokens like Golden Tickets.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface where the agent processes untrusted data. 1. Ingestion points: Results from network enumeration tools like bloodhound-python and ldeep (SKILL.md). 2. Boundary markers: None present in the instructions. 3. Capability inventory: Extensive command execution capabilities including impacket and bloodyAD scripts (references/domain-escalation.md). 4. Sanitization: No evidence of output validation or filtering of external tool results.
Audit Metadata