file-path-traversal
Fail
Audited by Snyk on Jun 2, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs finding and exfiltrating files (e.g., /etc/shadow, private SSH keys, wp-config.php) and lists "Exploitation Proof — Extracted file contents" as a deliverable, which requires the LLM to output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document is a high-risk offensive guide that explicitly instructs attackers on file path traversal exploitation, data exfiltration (including sensitive system and credential files), and escalation to remote code execution (log poisoning, php:// wrappers), indicating deliberate malicious capability.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow is explicitly about sending attacker-controlled traversal payloads (e.g., via Burp Intruder/ffuf/wfuzz) and then extracting “file contents” from the target; those extracted contents are outsider-authored free text from public/remote systems that the agent would ingest into its LLM context as part of the “Exploitation Proof”/reporting loop.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt gives explicit, actionable instructions to read sensitive system files and escalate LFI to remote code execution (log poisoning, php wrappers, executing system commands), enabling an attacker to exfiltrate or modify files and run commands on targeted hosts — which could be used against the agent's host if targeted.
Issues (4)
- HIGH W007: Insecure credential handling detected in skill instructions.
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W013: Attempt to modify system services in skill instructions.