binary-exploitation-tools

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The GitHub URL (github.com/pwndbg/pwndbg) points to a well-known, active repository and is low risk, but gef.blah.cat/sh is an external domain serving a direct shell install script — downloading and executing .sh from a non-official domain is a high-risk vector, so the combined instruction is suspicious.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a high-risk exploit-development guide: it explicitly instructs how to generate reverse shells/shellcode (msfvenom), disable security protections (stack canaries, RELRO, NX, ASLR), use remote debugging (gdbserver), and build/execute payloads (pwntools/one_gadget/ROP tools), which directly enable unauthorized remote code execution and system compromise.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit sudo commands and instructions to modify kernel settings and security protections (e.g., disabling ASLR, changing core_pattern, installing packages with sudo), which instruct the agent to change system state and bypass protections.