api-fuzzing-bug-bounty

Fail

Audited by Snyk on May 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content contains explicit, actionable instructions for unauthorized data exfiltration (iplogger, SMB/UNC callbacks), remote command execution and injection payloads, SSRF/LFI techniques to read sensitive files, and evasion methods (IP rotation, rate-limit bypass) that are clearly usable for malicious compromise and data theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's Core Workflow explicitly instructs fetching and parsing OpenAPI/Swagger files (e.g., /swagger.json, /openapi.json) and checking archive.org snapshots to extract paths and drive fuzzing, meaning the agent would ingest untrusted public third-party content (target-hosted docs and archive.org) that can materially influence subsequent tool actions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 14, 2026, 03:17 PM
Issues: 2