ai-threat-testing

Fail

Audited by Snyk on May 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill is an explicit offensive exploitation framework that documents and prescribes deliberate malicious techniques — including RCE (MCP inspector abuse, model-generated code execution), data exfiltration (system prompt/token extraction, model/training-data extraction), backdoors (training-poisoning triggers), supply‑chain compromise, logging/forensic evasion, privilege escalation and obfuscation/evasion techniques — and therefore presents high-risk malicious behavior despite the stated “authorized testing” context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's agents explicitly fetch and ingest untrusted external content—e.g., reference/llm08-vector-poisoning.md ("Web crawling source poisoning", "Direct document upload", "injection into RAG systems") and reference/llm01-prompt-injection.md ("Inject payload in document content", "Embed instructions in retrieved data")—showing the agent reads third-party/public content that can materially change behavior.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 11, 2026, 07:45 AM
Issues
2