ai-threat-testing

No runnable code is provided in this fragment, so direct malware behavior cannot be confirmed. However, the content is an explicit adversarial testing/evasion and forensic-impairment playbook (including log/evidence manipulation tactics and “undetected attack” success criteria). This represents a meaningful supply-chain and misuse risk: the module appears designed to help bypass detection rather than to implement defensive monitoring.

This fragment is explicit, actionable adversarial evasion guidance (with code-like pseudocode) for L0-bounded targeted attacks against ML-as-Authorization endpoints that gate access/state on classifier predictions. No direct malware behaviors (network/file/process/persistence) are evidenced within the snippet itself, but its content meaningfully enables unauthorized access via model-oracle manipulation. If this appears in a published dependency, treat it as high security risk from an attacker-use perspective and investigate the surrounding repository context for how it is packaged/distributed (e.g., whether it is included in a library for benign use or embedded exploit materials).

SUSPICIOUS. The skill is internally consistent as an offensive security framework, but that purpose itself is high risk for an AI agent: it enables exploit execution, system prompt extraction, model extraction, RCE testing, and autonomous multi-agent probing of live targets. There is little supply-chain concern from the provided text, but the operational risk is high because the skill grants offensive capabilities that could be misused beyond authorized assessments.

No traditional malware or backdoor behavior is present because this is instructional attack guidance rather than executable code. However, the content is highly operational and directly usable to perform LLM denial-of-service and cost/latency amplification attacks (token flooding, output explosion, recursive/agentic tool loops, and multimodal/RAG amplification). If shipped with a package or tooling context accessible to end users or third parties, it increases the likelihood of abuse and represents a high security-policy risk for LLM-backed deployments.

This artifact is not safe library code; it is an explicit, operational offensive guide for LLM training data poisoning (backdoors, bias amplification, and memorization induction) and for validating attack success after retraining. While there is no executable code to assess for direct I/O, exfiltration, or persistence, the instructions materially enable an integrity compromise of downstream ML models via untrusted training data ingestion. Treat as high misuse risk and inappropriate for inclusion in legitimate software/distribution contexts.

This supplied fragment is a highly actionable, offensive playbook for extracting and exfiltrating sensitive information from LLM systems, including hidden system prompts/configs, memorized training strings, and cross-tenant RAG data. While it contains no executable code itself, its explicit coercion and secret/canary probing instructions make it a critical supply-chain red flag; it should not be included or referenced in a product without strict, authorized, defensive context.