api-semantic-fuzz

Fail

Audited by Snyk on Mar 31, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

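  • Malicious code pattern detected (high risk: 1.00). The skill content explicitly lists and teaches multiple exploitation vectors (SSRF targeting 169.254.169.254, command injection with reverse connections or callbacks to an attacker host, path traversal to read /etc/passwd, requests to an ATTACKER URL, privilege escalation and bypass via header injection, etc.). These directly support data exfiltration, remote code execution, credential theft and unauthorized access, making it a high-risk attack toolkit that is open to abuse.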

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and analyze arbitrary target API endpoints (e.g., the curl examples in Phase 2.2 and Phase 3.2) and to read/interpret returned error messages and response contents (Phase 4 "错误信息" ("error messages") and the required "evidence_save + report_vuln" follow-ups), so untrusted third‑party responses can materially influence subsequent actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 31, 2026, 08:47 AM
Issues: 2