ctf-web-recon
Fail
Audited by Snyk on Apr 22, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs fetching files (e.g., /.env, JS, /.git) and searching for hard-coded credentials like "password", "token", "secret", which would require reading and potentially outputting secret values verbatim, creating a high exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). High risk — the content explicitly guides discovery and extraction of sensitive files and credentials (e.g. .env, .git recovery via githacker, hardcoded JS secrets, backups and flag files), which are clear data-exfiltration and credential-theft techniques that can be directly abused outside CTFs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to perform http_request GETs of the target homepage and linked JavaScript and to fetch public paths like /robots.txt, /.git/HEAD, /env, backup files, etc., so the agent will ingest and interpret untrusted, user-controlled web content that can influence subsequent actions.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).