performing-content-security-policy-bypass

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is high-risk and intentionally malicious/dual-use: it contains explicit, actionable techniques and payloads to bypass Content Security Policy (CSP) protections to achieve XSS, leak nonces, abuse whitelisted JSONP/CDN endpoints, hijack base URIs, and exfiltrate sensitive data to attacker-controlled servers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from arbitrary target URLs (see scripts/agent.py which GETs "{target}" and "{target}/api/v1/results") and the SKILL.md workflow shows curl commands to retrieve CSPs from external sites, and those fetched responses are parsed and used to populate findings and set the agent's risk-level, so untrusted third-party content can materially influence behavior.