deserialization-methodology

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This is an explicit offensive exploitation guide: it contains ready-made RCE payloads and templates for Python pickle, PHP POP chains, Java and Node prototype pollution, instructions to write webshells, arbitrary file writes, and multiple data-exfiltration techniques (HTTP/DNS/curl), demonstrating deliberate malicious intent to achieve remote code execution, credential/flag theft, and persistent compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's main workflow (SKILL.md Phase 1 and Phase 2) and the referenced templates (references/pickle-payload-templates.md) explicitly instruct sending requests to arbitrary external targets (curl, http_request, urllib.request) and reading untrusted HTTP responses/cookies/hidden fields to decide follow-up exploit actions, so the agent will fetch and interpret third-party content that can influence its next steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt is a step-by-step exploit methodology that instructs executing system commands (os.system/subprocess), writing files (cp to web paths), and exfiltrating data — all direct guidance to obtain RCE and modify/compromise the host system.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 22, 2026, 10:08 AM
Issues
3