bb-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The methodology demands "exact HTTP requests" and paste‑into‑shell reproduction commands and explicitly discusses extracting/verifying keys/metadata credentials, which can push an agent to include secret values verbatim in PoCs or reports (high exfiltration risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content contains explicit, actionable instructions for data exfiltration (OOB callbacks, SSRF to cloud metadata), credential theft, chaining to RCE/web shells, and techniques to bypass defenses — patterns that clearly enable deliberate malicious compromise beyond benign testing guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and analyzing open web content (e.g., Phase 1 recon: "Google Dorks -> JS file download -> Hidden param discovery" and the tool list: gau/waymore/katana, plus Phase 2 "Download and analyze JS files for hidden routes, secrets, logic"), which requires ingesting untrusted public websites/JS/archives that the agent must read and use to drive subsequent tool choices and actions.