Can malware steal domain administrator credentials?
When you do Enter-PSSession, your credentials aren't sent to the remote machine. PowerShell remoting uses Kerberos and your credentials are available to the KDC only; the remote system doesn't see them. Of course, as long as you do not use CredSSP, which will pass your credentials to the remote host and is subject to credential compromise.
Can a malware use my session to access other workstations or a domain controller?
No. When you are authenticated to a remote server, you present a session ticket that is intended only for that specific host. No other host would accept it.
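Since the answer above singles out CredSSP as the case where credentials do reach the remote host, here is a check for whether CredSSP delegation is enabled on a machine. It is an added example, not part of the original answer; the function name Get-CredSspExposure is hypothetical, and it assumes an elevated session with the WinRM service running so that the WSMan: drive is available.

```powershell
# Added example: report whether this host can send (client role) or
# accept (service role) delegated credentials over CredSSP.
function Get-CredSspExposure {
    [CmdletBinding()]
    param()

    # WinRM authentication settings; .Value is the string 'true' or 'false'.
    $client  = (Get-Item -Path WSMan:\localhost\Client\Auth\CredSSP).Value
    $service = (Get-Item -Path WSMan:\localhost\Service\Auth\CredSSP).Value

    # Delegation targets written by Enable-WSManCredSSP -Role Client
    # or by the "Allow Delegating Fresh Credentials" Group Policy setting.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    $targets = @()
    if (Test-Path -Path $policyKey) {
        $key = Get-Item -Path $policyKey
        $targets = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ClientCredSsp      = [bool]::Parse($client)    # may delegate credentials out
        ServiceCredSsp     = [bool]::Parse($service)   # accepts delegated credentials
        DelegationTargets  = $targets                  # e.g. wsman/host.example.test
        WildcardDelegation = [bool]($targets -match '\*')
    }
}

$report = Get-CredSspExposure
$report | Format-List

if ($report.ClientCredSsp -or $report.ServiceCredSsp) {
    Write-Warning 'CredSSP is enabled: credentials used over it are exposed to the remote host.'
    # To turn it off where it is not required:
    #   Disable-WSManCredSSP -Role Client
    #   Disable-WSManCredSSP -Role Server
}

# Requesting Kerberos explicitly fails the connection if Kerberos is unavailable
# rather than using another mechanism (the computer name is a placeholder):
#   Enter-PSSession -ComputerName server01.example.test -Authentication Kerberos
```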