exploiting-insecure-deserialization

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). Yes — the list contains attacker-controlled callback domains (abc123.oast.fun) and endpoints clearly used for remote-code-execution testing together with exploit-tool repositories (ysoserial, ysoserial.net, phpggc) and target API endpoints, indicating these are exploit-related and could be used to deliver or verify malicious payloads.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content explicitly provides step-by-step exploit tooling and payloads to achieve remote code execution (ysoserial/phpggc/ysoserial.net), out‑of‑band callbacks and data exfiltration (curl/nslookup to attacker domains), and examples of reverse shells and credential/data exfiltration—clear instruction for offensive/backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and parses arbitrary target web content (cookies and HTTP response bodies) as part of its workflow—see scripts/agent.py functions scan_cookies/scan_response_body and SKILL.md Step 1—which exposes the agent to untrusted third-party/user-generated content that can influence subsequent tests and payloads.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Apr 9, 2026, 10:27 AM
  • Issues: 3