hunt-lfi

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read sensitive files (e.g., .env, wp-config.php, ~/.aws/credentials) and explicitly to "show real contents" and include recovered secrets/credentials as proof in write-ups, which requires the LLM to output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs include remote "shell" endpoints and RFI-style parameters (http://OOB-HOST/shell.txt, http://OOB/shell, ?file=FUZZ) and other personal/OOB hosts which are common vectors for hosting/executing malicious payloads (even though the GitHub repo listed is a legitimate security tool), so the set overall is highly suspicious for malware/RFI use.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive LFI/path-traversal playbook that instructs how to read sensitive files, exfiltrate secrets (OOB callbacks/Burp Collaborator), steal credentials, and achieve remote code execution (php://filter chains, RFI, log/session poisoning), enabling clear malicious abuse and system compromise.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The guide explicitly instructs cloning and running remote code at runtime (git clone https://github.com/synacktiv/php_filter_chain_generator then python3 php_filter_chain_generator.py) which fetches and executes external code to generate payloads used for RCE, so this is a runtime external dependency that executes remote code.