hunt-file-upload

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). These URLs are highly suspicious because they include internal IMDS endpoints (169.254.169.254), attacker-controlled collaboration hosts and SSRF endpoints (COLLAB_HOST, ffmpeg-ssrf, imagemagick-ssrf), target upload/HTML-to-PDF/import endpoints, and a GitHub PoC repo for CVE-2023-4863, all of which are common indicators of exploit payloads, SSRF, file-upload abuse and potential malware distribution.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable offensive techniques (web-shell upload patterns, SSRF payloads targeting cloud metadata for credential exfiltration, archive zipslip/symlink attacks, stored-XSS exfiltration, and remote-code-execution payloads and tooling), indicating clear malicious intent and high risk for abuse.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Jun 13, 2026, 04:05 PM
  • Issues: 2