redteam-mindset

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly tells the agent to harvest, decode, "GET" and "pass back" tokens/credentials and to record full request/response PoC artifacts (e.g., payload fields in the JSONL journal), which requires the LLM to handle and potentially emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is a high-risk offensive playbook: it explicitly advises ignoring mid-engagement permission checks, harvesting secrets from JS/APKs, credential attacks, exfiltration (OOB DNS callbacks, DB dumps), SSRF to cloud metadata → IAM, RCE/ webshell installation, persistence techniques, IP rotation/captcha-solver evasion, and sister-app sweeping — all clear instructions for deliberate malicious access and data theft that would be easily abused if out of authorized-context.