security-payloads

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most links point to reputable security-research sources (GitHub SecLists, HackerOne, secgeek) but the set includes direct HTTP links to a personal host serving a SWF plus curated payloads (EICAR, crafted zips, exploit images and filename payloads) which can contain or trigger malware/exploits, so the collection is potentially dangerous and should be treated as suspicious for distributing malicious payloads.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The repository intentionally contains curated exploit payloads (EICAR test, filename-based command-injection (hostname, $(hostname)), null‑byte filename with embedded PHP, XSS‑capable SWF, crafted images for DoS, long/path‑traversal filenames, etc.) that are explicitly designed to trigger RCE/XSS/DoS and bypass filtering — clearly actionable for malicious exploitation and therefore high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow reads outsider-authored free text from the bundled SecLists reference files (e.g., references/Payloads/README.md and other payload README/content) into the agent context via the example open(...).read()/f.read().splitlines() path, which is not authored by the operating user.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)