cors-misconfiguration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). These URLs are highly suspicious because they include attacker-controlled domains, typosquats and misleading subdomains (e.g., target.com.attacker.com, target.com.evil.com, attackertarget.com, evil.target.com) and explicit exfiltration endpoints (/log?d=, /log?data=) used to collect stolen data—they are not legitimate download sources and could host malware or facilitate data theft.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content contains explicit, actionable exploitation instructions and code (e.g., fetch with credentials + sending results to attacker domains, iframe sandbox tricks) designed to steal authenticated user data and exfiltrate it to attacker-controlled servers, indicating deliberate malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs the agent to send HTTP requests to arbitrary target APIs (e.g., the Phase 1 example http_request url="http://target/api/userinfo") and to read/interpret response headers and bodies to decide and perform exploit actions, thereby ingesting untrusted third‑party content that can materially influence subsequent tool use.