cross-domain-attack-chain

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 该文档明确描述并指导多种可直接滥用的攻击技术（数据外泄到攻击者服务器、凭证窃取、SSRF 访问内网模型 API、RAG 投毒、Agent/工具劫持以执行 SQL/系统命令、沙箱逃逸/反弹 shell、以及 MCP 回调投毒等），这些模式直接支持后门部署、远程代码执行与供应链滥用，具有高风险滥用性。

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly describes and encourages attack techniques (RCE, executing system commands, sandbox escape, reading/writing sensitive files, agent/tool hijacking) that would enable compromising and modifying the host machine's state.