adinfo-enum
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides multiple shell command templates for executing the `adinfo` utility to collect information from domain environments.
- [CREDENTIALS_UNSAFE]: The usage guidelines instruct the user or agent to pass domain passwords and NTLM hashes directly as command-line arguments (e.g., `-p password` and `-H NTLM_HASH`), which exposes sensitive credentials to local logging and process monitoring tools.
- [EXTERNAL_DOWNLOADS]: The skill promotes the use of a tool hosted on a third-party GitHub repository (github.com/lzzbb/Adinfo) that does not belong to a trusted organization or well-known service.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection through its information-gathering workflow:
  - Ingestion points: Untrusted data enters the agent context when it reads the output of the `adinfo` tool, which parses objects from an Active Directory environment.
  - Boundary markers: The instructions do not define delimiters to separate the tool's output from the agent's internal logic or following instructions.
  - Capability inventory: The agent is authorized to execute follow-on shell commands (e.g., `GetUserSPNs.py`, `GetNPUsers.py`) based on the gathered information.
  - Sanitization: There is no implementation of sanitization or validation for the strings retrieved from the external AD environment before they are processed by the agent.
Audit Metadata