hunt-llm-ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs generating payloads that replace placeholders with users' emails, API keys, tokens, or full context (e.g., embedding secrets into image URLs or fetch_url parameters) which requires the model to output secret values verbatim for OOB exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable offensive techniques (markdown/image OOB exfil, tool/browser SSRF to cloud metadata, DNS-only exfil, Unicode tag/zero-width smuggling, and payload encoders) that enable credential theft, data exfiltration, and remote tool misuse—indicating high-risk, deliberate malicious capability.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow is about testing/triaging LLM vulnerabilities and explicitly includes indirect injection via attacker-controlled content (e.g., “A web page the ‘summarize this URL’ feature fetches” / “Uploaded PDF/DOCX” / “RAG-indexed document”), which would cause the agent to ingest outsider-authored free text from fetched pages/documents into the LLM context.