hunt-xxe

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs crafting XXE payloads to exfiltrate local files and cloud metadata and requires demonstrating/including the retrieved file contents or IAM credentials (e.g., /etc/passwd, IMDS responses) in reports, which forces the LLM to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit, high-risk exploitation guide for XXE that supplies ready-to-use payloads and workflows for data exfiltration, credential theft, blind OOB callbacks (SSRF), and RCE, indicating deliberate malicious intent and abuse capability.