impacket-toolkit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows and instructs embedding plaintext credentials and NTLM hashes directly in command-line invocations (e.g., DOMAIN/user:password@TARGET, -hashes :NTLM_HASH), which would require the LLM to include secret values verbatim when generating commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit how-to for Windows post‑exploitation: it documents credential theft (secretsdump, DCSync, Kerberoasting, AS‑REP roasting), NTLM relay attacks, and remote code execution/lateral movement (psexec/wmiexec/dcomexec/atexec, ntlmrelayx+Responder), indicating clear malicious intent and high abuse potential.