kerberoast-attack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes many commands that embed plaintext credentials as arguments (e.g., DOMAIN/user:pass, -w "pass", -u user -p pass, -p 'cracked_pass'), so an agent following it would need to accept and reproduce secret values verbatim in generated commands/outputs, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This is an explicit offensive playbook that provides step‑by‑step instructions and OPSEC guidance to steal credentials, request/forge Kerberos tickets, escalate privileges (including GenericWrite/RBCD), move laterally and persist (Silver/Diamond tickets), i.e. clear guidance for unauthorized domain compromise and credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's references/hash-cracking.md explicitly instructs crawling a public website ("cewl https://www.target-corp.com -d 3 -m 5 -w company_words.txt") to harvest third-party web content for dictionary generation, which the workflow uses to drive cracking decisions and tool usage, exposing the agent to untrusted external content.