exploiting-http-request-smuggling

Fail

Audited by Snyk on Apr 6, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content contains explicit, actionable exploitation instructions and payloads (request smuggling probes, examples to bypass access controls, capture other users' requests/cookies, deliver XSS and poison caches, and header obfuscation techniques) that directly enable deliberate malicious abuse if used outside of authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill actively fetches and parses responses from arbitrary public targets (see scripts/agent.py: identify_architecture calls requests.get(url) and send_raw_request opens sockets to the provided host/port, and SKILL.md/curl examples probe target.example.com), and those untrusted responses are interpreted to determine vulnerabilities and drive follow-up actions, so third‑party content can materially influence behavior.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 6, 2026, 11:53 AM
Issues: 2