wordlists

Fail

Audited by Snyk on May 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is high-risk: it explicitly documents and automates credential cracking and brute‑force workflows (hydra, hashcat, rockyou, WPA masks), targeted wordlist generation (CeWL, corporate generator), and automated discovery/enumeration (ffuf, feroxbuster, cme) — patterns that strongly indicate deliberate offensive/abusive activity even though no hidden backdoor or covert exfiltration code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs crawling arbitrary public websites with CeWL (e.g., "cewl $URL -d 3 ...") and using that extracted, untrusted site content as wordlists that feed subsequent cracking/fuzzing tools, so third-party web content can directly influence tool behavior.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 10, 2026, 07:58 AM
Issues: 2