ctf-misc

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains numerous explicit, actionable exploitation techniques (remote code execution, data exfiltration, credential theft, privilege escalation, supply‑chain abuse and obfuscation primitives) that can be directly reused to compromise real systems, so it presents a high malicious-use risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's reference docs (e.g., references/encodings.md "Multi-Stage URL Encoding Chain" and references/dns.md) explicitly instruct following and decoding content from public user-generated resources (GitHub Gists, Pastebin, arbitrary URLs, DNS TXT records, online decoders like zxing.org/rbndr.us), meaning the agent would fetch and interpret untrusted third‑party content that can influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly documents sandbox-escape and Linux privilege-escalation techniques (e.g., os.system via Python jail, sudo wildcard, NFS/SSH/Postgres RCE) which enable an agent to obtain elevated privileges and perform state-changing actions on the host.