cryptography

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a detailed, actionable offensive-crypto playbook (key recovery, oracle attacks, RNG-backdoor exploitation, signature forgery, JWT forgery) that enables stealing secrets and bypassing authentication — high risk for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and use public third‑party data (e.g., "factordb.com" lookup in reference/cryptography-principles.md and the factordb curl example in reference/scenarios/rsa-quirks/small-prime-factorization.md, and fetching /.well-known/jwks.json in reference/scenarios/signature-forgery/jwt-alg-confusion.md), which are untrusted public sources and are used by the workflow to drive attack decisions—so untrusted content can materially influence tool use.