reconnaissance
Fail
Audited by Snyk on May 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This content provides explicit offensive reconnaissance tactics — including vhost brute-forcing with Host header spoofing and /etc/hosts manipulation, targeted AD/WinRM scans described as "foothold" paths, and discovery of unauthenticated management APIs/CVEs — which are high-risk instructions that facilitate unauthorized access and post-discovery exploitation (no direct exfiltration/backdoor code present, but clear malicious/abuse-enabling intent).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs fetching and interpreting HTTP responses and web content from target IPs/domains (e.g., Rule 6: curl -sI http://IP/ to read headers; Rules 7–8: ffuf/gobuster vhost brute-force and response-size/status comparison; ZAP spider/ffuf/nikto scans), which are untrusted third-party web pages whose content is used to drive further scanning and decisions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs modifying /etc/hosts ("Add discovered hostnames to /etc/hosts immediately"), which alters a system file and requires elevated privileges, so it pushes the agent to change the machine state.
Issues (3)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata