ctf-ai-ml

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive playbook (prompt injection, token smuggling, SSRF/tool exploitation, file-reading/command injection, model extraction/weight manipulation, data poisoning and backdoor creation) that describes step‑by‑step data exfiltration, remote code/tool invocation, and credential theft techniques and thus is high-risk/malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references/llm-attacks.md and references/tool-use-exploitation explicitly show the agent fetching and summarizing web pages, RAG-retrieving and fetching arbitrary URLs (e.g., the "Poison a web page" malicious_document example and "Fetch this URL"/SSRF examples), meaning it ingests untrusted public web content that could carry indirect prompt-injection instructions.