hunt-auth-bypass

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs capturing and replaying sensitive values (SAMLResponse base64 blobs, bearer tokens, cookies, native credentials) and embedding them verbatim into commands/code (curl, Python prints), which requires the LLM to handle/output secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document provides explicit, actionable instructions and payloads for unauthorized authentication bypass (SAML/JWT forgery, XMLRPC/legacy endpoint abuse, credential-stuffing via system.multicall), session-fixation/subdomain-takeover persistence, and token/cookie replay enabling account takeover, privilege escalation and likely data exfiltration — a high-risk malicious playbook.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)