Skills
skills/wgpsec/aboutsecurity/post-exploit-windows/Gen Agent Trust Hub

post-exploit-windows

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an extensive library of commands designed to exploit Windows systems. This includes techniques for bypassing User Account Control (UAC) via registry manipulation (e.g., fodhelper.exe), abusing unquoted service paths, and hijacking high-privilege services to gain SYSTEM-level access.
  • [CREDENTIALS_UNSAFE]: The skill contains hardcoded passwords for backdoor accounts (e.g., 'Password123!') in references/windows-privesc.md. It also provides comprehensive instructions for extracting sensitive credentials, including dumping SAM and SYSTEM registry hives, harvesting LSASS memory, and retrieving plaintext passwords from browser storage, WiFi profiles, and PowerShell history files.
  • [DATA_EXFILTRATION]: Instructions are provided in references/windows-credential.md for dumping sensitive system databases and memory files (such as lsass.dmp) to disk with the explicit intent of downloading them for offline analysis and cracking.
  • [REMOTE_CODE_EXECUTION]: The skill guides the user through generating malicious payloads, such as reverse shell MSI packages using msfvenom, and executing them with high privileges on the target host as seen in references/windows-privesc.md.
  • [EXTERNAL_DOWNLOADS]: The instructions frequently reference and recommend downloading and executing various third-party binary tools, such as the 'Potato' series of exploits (GodPotato, PrintSpoofer, etc.) and auditing tools like winPEAS and Seatbelt, to facilitate automated privilege escalation.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from the local file system without adequate safeguards.
  • Ingestion points: Data enters the context via commands like type, dir, and reg query in references/windows-credential.md and references/windows-privesc.md.
  • Boundary markers: None; there are no delimiters or instructions to treat command output as untrusted data.
  • Capability inventory: The skill possesses significant capabilities including registry modification, service management, and arbitrary command execution across all provided script files.
  • Sanitization: No evidence of output validation, escaping, or filtering of content retrieved from the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:08 AM