offensive-wpa3-sae
Fail
Audited by Snyk on May 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill is explicit offensive guidance for compromising WPA3/WPA2 networks (downgrade, Dragonblood side‑channels to recover passphrases, handshake capture/cracking, and SAE auth flooding DoS), i.e., it directly facilitates credential theft and denial‑of‑service; it does not, however, contain hidden backdoor code, remote shells, data exfiltration endpoints, or obfuscated payloads.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the operator to git-clone and run public GitHub tools (e.g., "git clone https://github.com/vanhoefm/dragonblood" and run dragontime.py/dragondrain.py), meaning the skill's workflow fetches and executes untrusted, user-hosted third-party content whose outputs are expected to be interpreted and can materially influence next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning and running code from https://github.com/vanhoefm/dragonblood (git clone ...; python dragontime.py), which fetches remote code at runtime and executes it, so it directly introduces an external runtime dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running privileged commands (sudo) and network-altering tools (airbase-ng, mdk4) and executing downloaded attack scripts to spoof APs and perform DoS, which require elevated privileges and modify the host/network state.
Issues (4)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata