injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is high-risk: it contains extensive, actionable offensive techniques (data exfiltration to external hosts, RCE and reverse-shell payloads, webshell/SSH/crontab write chains, SSRF to cloud metadata, credential-stealing patterns, supply‑chain and obfuscated payload examples) that can be directly abused to gain persistent unauthorized access and steal sensitive data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes multiple automation scripts and example workflows (e.g., reference/nosql-injection-advanced.md and related reference files) that explicitly send requests to arbitrary target URLs (sys.argv[1], curl to http://target.com, etc.) and parse response bodies/statuses as part of the testing workflow, which clearly causes the agent to fetch and interpret untrusted, public third‑party content that can change subsequent actions.