exploit-db

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content is high-risk: it explicitly documents weaponization and execution workflows (searchsploit → msfconsole and mapped MSF modules), shows exploit modification patterns that set LHOST/LPORT and alter shell commands (facilitating reverse shells/RCE and backdoors), and even advises defense-evasion checks (VT multi-scanner), all of which enable deliberate malicious exploitation and persistence despite being dual-use for legitimate testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly instructs the workflow to "Read comments/issues on GitHub PoC for known problems" and shows steps to view and mirror exploits with searchsploit (e.g., searchsploit -x, -m, -u), which requires fetching and interpreting public, user‑generated web content that can change subsequent actions.