vuln-research

SUSPICIOUS/HIGH-RISK skill. Its footprint is coherent with its stated purpose, but that purpose is to equip an AI agent for offensive security research and exploit development, including autonomous multi-agent discovery. Install trust concerns are moderate rather than primary; the main risk is enabling offensive actions and exposing the agent to untrusted-content-driven prompt injection during code analysis.

This fragment serves as a risk-oriented inventory of .NET sinks and exploitation surfaces rather than a runnable component. It signals high-risk patterns that warrant strict hardening in any dependent packages (deserialization safeguards, input validation, restricted WebRequest usage, and avoidance of dynamic code execution in untrusted contexts). Treat as a guidance artifact to audit dependencies and enforce secure defaults, rather than an indicator of confirmed malware within a specific codebase.

The fragment serves as a comprehensive risk taxonomy for Java sinks and gadget chains. It does not contain executable payloads, but it highlights numerous pathways where untrusted inputs could lead to remote code execution, data leakage, or other security breaches if integrated into real applications. Treat this as a checklist for dependency reviews: enforce strict deserialization controls, disable or tightly constrain dangerous evaluation and reflection features, validate all external inputs, and audit dependencies for gadget-chain exposure. Overall risk is moderate-to-high given the breadth of sinks; actionable mitigations should be implemented before integrating dependencies or enabling these features in production.