ai-data-security
Fail
Audited by Snyk on May 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The document is an explicit, actionable playbook for offensive AI data attacks—detailing data exfiltration techniques (prompt/system-prompt leaks, training-data extraction, API/endpoint probing, RAG poisoning, vector DB traversal), membership-inference and model-inversion methods, and procedures to inject persistent malicious content—constituting high-risk, deliberate abuse behavior.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and references/data-attack-techniques.md) explicitly instructs collecting and using public web/forum/wiki content (e.g., "collect public text fragments" in Section 2.1 and "公开渠道投毒" (poisoning via public channels) in Section 5.1), so it would consume untrusted third-party user-generated content that could carry indirect prompt injection.
Issues (2)
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata