red-teaming

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, operational instructions and tool recommendations enabling data exfiltration, backdoor/persistence installation, credential theft, remote command & control, evasion/anti-forensics, supply-chain poisoning, and LLM prompt‑injection/jailbreak techniques that can be directly repurposed for malicious attacks despite its red‑teaming framing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Reconnaissance & Intelligence Gathering" explicitly requires OSINT from public records, social media, and company websites (and tools like Shodan/theHarvester/Amass referenced throughout), meaning the agent is expected to fetch and interpret untrusted third-party content that can materially influence planning and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs offensive actions like installing backdoors, establishing persistence, privilege escalation and living‑off‑the‑land techniques—behaviors that require modifying system state (files, services, accounts) and thus push the agent to compromise the host.