infrastructure

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable instructions for credential theft, command injection/RCE (e.g., Cheetah template injection, Tomcat WAR/webshell deployment), MITM/traffic interception, NTLM hash capture/exfiltration, and DoS/amplification techniques—making it highly usable for malicious abuse outside authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and parsing untrusted external content (e.g., reference/upnp-iot-quickstart.md directs curling and reading target/rootDesc.xml and SCPD XML and reusing returned fields as auth-keys, and reference/ip-reputation.md directs querying public APIs like AbuseIPDB/VirusTotal/Shodan), and those parsed responses are used to drive subsequent actions and tool use.