hunt-source-leak
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs fetching, reconstructing, and printing files (e.g., .env, source maps, extracted source, grep results, head outputs) to discover API keys, tokens, and passwords, which requires the agent to handle and potentially output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive playbook for discovering and exfiltrating sensitive artifacts (source maps, .env, .git, swagger/openapi, build info), enabling credential theft, unauthorized access, and supply-chain compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The required workflow performs runtime HTTP fetching of outsider-controlled web content (e.g., curl https://$TARGET/.env, /.git/HEAD, /swagger.json, and downloading *.js.map / swagger responses), and those fetched free-text/JSON bodies would be ingested into the agent’s LLM context via the subsequent parsing/printing steps (e.g., head, python3 -c extracting endpoints, and source-map sourcesContent extraction).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly installs and runs third‑party tooling at runtime (e.g., "pip3 install git-dumper" then running git-dumper) which fetches and executes remote code, and also references an external tool URL (https://github.com/lijiejie/ds_store_exp); therefore it has runtime external dependencies that execute remote code.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).