cache-poisoning-smuggling

Fail

Audited by Snyk on May 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content explicitly provides step-by-step techniques and payloads for web cache poisoning and HTTP request smuggling that enable data exfiltration (stealing cookies/tokens), bypassing access controls (accessing /admin), and persistent XSS via CDN caching, and therefore facilitates deliberate malicious activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md clearly instructs sending HTTP requests to external targets (e.g., "http://target/page", "Host: target.com") and to read and interpret responses/headers from CDNs or origin servers (Cloudflare/Varnish/etc.), so the agent would ingest untrusted third-party web content that can alter its next actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 9, 2026, 08:27 AM
Issues: 2