dma-attack-techniques

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable instructions and tooling for PCIe/FPGA DMA attacks (arbitrary physical memory read/write, virtual-to-physical translation, device emulation, anti-detection, wireless/remote DMA, and SMM techniques) that directly enable data exfiltration, credential theft, stealthy remote access and system compromise, so it is highly weaponizable and malicious in intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Data Source" section explicitly instructs the agent to fetch and use content from public raw.githubusercontent.com URLs (e.g., the README, archive, and description endpoints), which are untrusted, user-generated third-party pages the agent will read and act on when answering user queries.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and inject remote content at runtime from raw GitHub URLs (e.g. https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md and the described archive/description raw.githubusercontent.com URLs), meaning external content is fetched during runtime and directly used to control the agent's responses.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs active DMA read/write commands, FPGA/firmware device-emulation and anti-detection techniques (including device ID spoofing and SMM-level methods) that enable direct modification of physical memory and hardware state, i.e. actions that would compromise the machine.