azure-hybrid-lateral

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extraction of plaintext secrets/tokens and shows commands that embed those secrets verbatim (e.g., Authorization: Bearer , --prt , --certpass ), so an agent following it would need to handle and output secret values directly, creating high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a comprehensive offensive playbook that explicitly documents credential theft, persistent backdoor installation (e.g., PTASpy, DLL tampering), token/session hijacking (PRT/cookie/Golden SAML), and step-by-step lateral movement and persistence techniques intended to enable unauthorized access and control of hybrid Azure/AD environments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing and importing the AADInternals PowerShell module at runtime (Install-Module -Name AADInternals), which fetches and executes code from the PowerShell Gallery (https://www.powershellgallery.com/packages/AADInternals) and is relied upon by multiple techniques in the skill.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit, actionable offensive commands that install modules and backdoors, extract credentials from LSASS/DPAPI, export private certs, register agents and modify user/group/SID data — all operations that require elevated privileges and would change or compromise the host/system state if executed.