database-exploit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). Insecure: the skill includes and instructs using plaintext credentials and keys in commands (e.g., -p 'sa', impacket mssql DOMAIN/sa:PASSWORD@TARGET, SSH key payloads, writing authorized_keys, searching/exfiltrating sensitive data), which requires the LLM to handle and potentially emit secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicit, step-by-step malicious guidance for unauthorized database exploitation — including RCE, credential theft (NTLM/weak-password harvesting), data exfiltration, persistence (webshells/SSH keys/cron), and privilege escalation — and is therefore intentionally abusive.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs unauthorized access and commands that modify system files (writing webshells, authorized_keys, crontabs, enabling xp_cmdshell, uploading UDFs) and perform privilege escalation, which directly compromise or change the machine's state.