ctf-ai-ml

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive/abusive how-to containing concrete techniques and code for data exfiltration, remote code execution via tool-injection, backdoor creation/poisoning, credential theft (e.g., SSRF to metadata), and obfuscation/token-smuggling—all deliberate malicious patterns and high-risk abuse vectors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's llm-attacks.md and SKILL.md explicitly instruct fetching and summarizing external web pages and API endpoints (e.g., the "Indirect Prompt Injection" examples that poison web pages/zero-width encodings and the "Tool Use Exploitation"/curl/request.post examples), so the agent is expected to ingest untrusted, user-controlled third‑party content that can influence tool calls and subsequent actions.