api-fuzz

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This is an offensive API-fuzzing methodology containing explicit exploit techniques (command injection payloads, eval/SSTI, prototype pollution), clear data-exfiltration vectors (curl/http://ATTACKER/, SSRF to 169.254.169.254), and credential/authorization abuse patterns (mass assignment to role, header/IP whitelist bypasses), so it enables deliberate malicious activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs fetching and parsing public third-party content (e.g., /openapi.json, Swagger UI at /docs, front-end JS bundles like app.js/bundle.js and arbitrary API endpoints via curl) as part of its analysis, and those untrusted pages/JSON/JS are used to drive subsequent fuzzing and attack decisions (see SKILL.md and references/api-semantic-fuzz.md and references/api-fuzz-payloads.md), so it clearly exposes the agent to untrusted third-party content that can influence actions.