responder-poison
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute Responder and ntlmrelayx.py for network poisoning and authentication relaying. It specifically details how to execute arbitrary commands on remote network targets using the relay mechanism (e.g., ntlmrelayx.py -c 'whoami').
- [DATA_EXFILTRATION]: The skill is designed to capture NTLMv2 authentication hashes from network broadcast traffic. It also provides commands to extract local credential databases (SAM) from remote systems using ntlmrelayx.py with the --sam flag.
- [EXTERNAL_DOWNLOADS]: The skill references the Responder tool hosted on GitHub (lgandx/Responder) as an external dependency.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. 1. Ingestion points: Network broadcast traffic (LLMNR, NBT-NS, MDNS) processed by Responder in the interactive session. 2. Boundary markers: None present. 3. Capability inventory: Use of interactive_session to execute shell commands and manage listener processes. 4. Sanitization: No sanitization of captured network data before logging or relaying.
Recommendations
- AI detected serious security threats
Audit Metadata