performing-web-application-firewall-bypass

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is high-risk: it is explicit offensive tooling and documentation designed to evade WAFs and deliver SQLi/XSS payloads (including examples like UNION SELECT password FROM users and JSON/encoding techniques) and includes an automated agent that actively probes targets — enabling credential theft and data exfiltration; while it does not contain an obvious hidden backdoor, remote shell, or external exfiltration endpoint, its deliberate instruction and automation for bypassing protections constitutes malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's agent (scripts/agent.py) actively sends requests to arbitrary target URLs (e.g., http://target.com in SKILL.md) and reads/interprets the HTTP responses (status codes and body length) to determine and record "bypass" findings, which clearly consumes untrusted third‑party web content that can materially influence its decisions.