pentest-hacktricks-finder

Fail

Audited by Snyk on May 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs searching for and extracting payloads and methods to leak sensitive credentials and metadata (e.g., IMDS endpoints, AWS_CONTAINER_CREDENTIALS_RELATIVE_URI, SSRF payloads), which directly facilitates data exfiltration and credential theft even though no obfuscated backdoor code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly searches and fetches pages from the public HackTricks wiki (https://book.hacktricks.wiki/en/) using web_search_exa / DuckDuckGo and the required web_fetch step, and instructs the agent to extract and act on payloads, bypasses, and steps from those untrusted third-party pages (see "Scope Guardrails", "Fetch" and "Extract" in SKILL.md), which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires using web_fetch at runtime to retrieve pages under https://book.hacktricks.wiki/en/, and that fetched content is extracted and injected into the agent's response (payloads/steps), so remote pages from that URL directly influence the agent's instructions and outputs.

Issues (3)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 15, 2026, 06:35 AM
  • Issues: 3