ad-trust-attack

Fail

Audited by Snyk on May 9, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). Insecure — the prompt's commands explicitly require embedding sensitive values (passwords, krbtgt hashes/AES keys, trust keys, NTLM hashes, tokens) directly into CLI/PowerShell invocations and examples, which would force an LLM to handle or output secrets verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

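  • Malicious code pattern detected (high risk: 1.00). This document is explicit malicious attack guidance: it explains step by step how to steal credentials (secretsdump/DCSync/mimikatz), forge and inject Kerberos tickets (Golden/Diamond/Trust Ticket/ExtraSid), achieve cross-domain and cross-forest privilege escalation and lateral movement, coerce authentication and capture TGTs (PetitPotam/PrinterBug/DFSCoerce), and execute commands remotely via MSSQL links, xp_cmdshell and similar means while evading detection. It is clearly intended for intrusion and persistence and constitutes high-risk malicious behavior.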

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 9, 2026, 08:27 AM
Issues: 2