ad-domain-attack
Fail
Audited by Snyk on May 9, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows and instructs using plaintext credentials, tokens, and hashes directly in command-line arguments and commands (e.g., -u USER -p PASS, DOMAIN/USER:PASS, -H NTLM_HASH, set password "NewP@ss123"), which requires the LLM to handle and output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is a clear, purposeful offensive playbook for compromising Active Directory domains — it provides explicit commands and tooling for credential theft (LSASS dump, AS-REP/Kerberoast), privilege escalation (DCSync, ACL/RBCD abuse, ZeroLogon, noPac), persistence/backdoors (Golden/Silver tickets, Shadow Credentials, GPO abuse), and lateral/remote compromise, and is therefore intentionally malicious.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.