api-security
Fail
Audited by Snyk on May 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill content contains multiple explicit, actionable offensive constructs (reverse shells, curl/wget exfil to attacker domains, SQL/OS command injection examples, "insert backdoor" SQL, SSRF/XXE to access metadata, key/token extraction patterns, and obfuscation techniques) that constitute deliberate malicious patterns enabling data exfiltration, remote code execution, credential theft and backdoor installation.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md step 1: "Discover API endpoints and documentation (Swagger, GraphQL schema)") and the reference guides (e.g., reference/api-testing-cheat-sheet.md and reference/graphql-cheat-sheet.md) explicitly instruct fetching public API docs and performing GraphQL introspection and requests (e.g., /openapi.json, /swagger.json, /graphql introspection), meaning the agent will read untrusted, user-generated/public third-party content that can materially drive subsequent actions—so it exposes the agent to indirect prompt injection risk.
Issues (2)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata