1panel-exploit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes plaintext default credentials and relies on using session cookies or credentials for authenticated exploits, which would likely require the agent to accept and embed secret values verbatim in requests/commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a deliberate exploit toolkit that provides step-by-step exploit code and payloads to achieve unauthenticated/authenticated RCE, write persistent webshells, arbitrary file read/write (including SSH keys and configs), and interactive remote shells — clearly intended for system compromise and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill and its scripts actively connect to arbitrary target hosts (e.g., HTTPS GET to https://target/api/v2/dashboard/base/os and WSS to wss://target/api/v2/hosts/terminal as shown in scripts/CVE-2025-54424.py and SKILL.md) and parse/interpret those untrusted responses to decide vulnerability and drive exploit actions, exposing the agent to untrusted third-party content.