responder-poison

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for LLMNR/NBT-NS/MDNS poisoning, NTLMv2 credential capture, WPAD abuse, and relaying/cracking captured hashes for credential theft and lateral movement—clearly deliberate malicious behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run Responder/ntlmrelayx (network listeners/poisoning) and edit Responder.conf—actions that modify system/network state and typically require elevated privileges to bind interfaces and perform attacks, so it directs the agent to compromise the host environment.