ctf-flag-verification

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly prescribes exploitation techniques (SQL injection, RCE/command injection, LFI/php://filter, automated segmented extraction, base64/html decoding and strip) to extract and verify flags—i.e., step-by-step instructions for unauthorized data exfiltration and remote command output handling—so it constitutes high-risk offensive guidance that can be abused outside CTF contexts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). FLAG: The SKILL.md explicitly requires programmatic extraction and interpretation of untrusted third-party content—e.g., "Web 页面解析" (HTML comments/attributes/JS variables), SQL/command outputs (EXTRACTVALUE, command execution), and php://filter LFI reads—which instructs the agent to fetch and act on arbitrary web/target content and thus could enable indirect prompt injection.