fscan

Fail

Audited by Snyk on Mar 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This README documents a dual‑use intranet scanning/exploitation tool that explicitly supports credential brute‑forcing, remote command execution, vulnerability exploitation (e.g., MS17-010), and techniques to install SSH access (e.g., writing a public key to Redis), which strongly enable unauthorized access and backdoor installation and are high risk for abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes web-probing features (under "Web探测功能" and examples using -h targets and Xray POC) that fetch and interpret content from arbitrary/public websites and hosts, so the agent will consume untrusted third-party content as part of its workflow.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 24, 2026, 01:10 PM
Issues: 2