exploiting-broken-link-hijacking

Fail

Audited by Snyk on Apr 6, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content explicitly instructs how to discover and exploit broken link and subdomain takeover vulnerabilities — including claiming expired domains, provisioning cloud resources (S3, GitHub Pages), and serving JavaScript — which directly enables supply-chain attacks, XSS, phishing, and other malicious activity despite an authorization notice.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow and agent code explicitly fetch and parse arbitrary public web pages (SKILL.md curl/Wayback steps and scripts/agent.py's requests.get + HTML extraction and HEAD checks) and interpret error messages and link content (e.g., searching for "NoSuchBucket" / "There isn't a GitHub Pages site here") to decide and drive follow-up actions, so untrusted third-party content can materially influence behavior.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 6, 2026, 09:43 PM
Issues: 2