ctf-web-methodology

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract CSRF/user_token values from responses and include them verbatim in POST request bodies, which requires handling secrets directly and poses an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

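  • Malicious code pattern detected (high risk: 0.95). This is a detailed, attacker-oriented collection of CTF/web exploitation methodology and PoCs. It contains directly executable steps and code examples for RCE/reverse shells, webshell construction, credential exfiltration and theft, SSRF → internal network/Docker exploitation chains, JWT/JWE/JKU injection, file-upload persistence/OPcache hijacking, and tool-based exfiltration techniques. It shows clear characteristics of abuse and is highly actionable, and therefore poses a high risk to real systems.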

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and inspect live web content (e.g., "Phase 1: Visit the home page — http_request GET the home page" and "View source — inspect the HTML source") from target/public sites and to base subsequent methodology choices on that untrusted page/JS/API content, so third-party pages can influence tool use and next actions.

Issues (3)

HIGH W007: Insecure credential handling detected in skill instructions.

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 07:58 AM
Issues: 3