testing-for-email-header-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is a dual‑use security-testing guide but contains explicit, actionable attack payloads (CRLF header injection, SMTP/IMAP command injection, MIME/body override, From/Reply‑To spoofing and a template payload to read process.env) that clearly enable spam relay, phishing, credential/environment-variable exfiltration and remote code execution techniques.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's agent posts to arbitrary target URLs and parses the HTTP responses to decide if injections succeeded (see scripts/agent.py _post/test_field_injection which inspects resp.text and SKILL.md curl examples targeting http://target.com), so it ingests untrusted third-party web content that can materially influence its actions.