testing-cors-misconfiguration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs contain explicit attacker/evil domains, typosquatted hostnames (e.g., target.example.com.evil.com, eviltarget.example.com), and internal/local addresses that are commonly used for CORS/XSS exploitation and for hosting exfiltration or malicious payloads — so while none are direct .exe/.msi download links, the set is highly suspicious and could be used to distribute or serve malware.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains explicit exploit proof-of-concept HTML/JS that performs credentialed cross-origin requests to steal API responses and exfiltrates them to attacker-controlled endpoints, i.e., direct data exfiltration/credential theft functionality.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and inspects responses from arbitrary target web endpoints (see SKILL.md curl examples) and the runtime script scripts/agent.py (requests.get/requests.options) which parse untrusted response headers/bodies to determine severity and next actions, so third‑party content can materially influence the agent's decisions.