developing-bash

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content includes multiple explicit, actionable backdoor and abuse patterns (creating persistent backdoor users, cron/netcat reverse shells, SUID/NFS and Docker escape techniques, automated credential cracking and exploitation automation) which—while framed as authorized pentesting—are high-risk dual-use instructions that enable deliberate compromise and persistence if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly include fetching and parsing arbitrary external web content (e.g., references/EXPLOITATION.md shows using CeWL to crawl target websites and references/CLI-TOOLS.md and other files include curl + jq API calls and scripts that parse external pages/scan results and then drive follow-up tools like Hydra or Metasploit), so the agent would read untrusted user-generated/public web content and use it to decide or trigger further actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly covers system administration automation and penetration-testing/exploitation topics (Nmap, web scanning, exploitation, Wi‑Fi assessment), which are likely to prompt the agent to perform privileged actions, modify system files, or create accounts and thus can push it to compromise the host state even if not spelling out specific sudo commands.