evasion-research

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs how to find, extract, and catalog evasion techniques (shellcode loaders, AMSI bypasses, direct syscalls, C2/loader components, API/string obfuscation, anti-analysis) from GitHub—functionality that directly facilitates building backdoors, remote code execution, evasion of defenses, and other intentional malicious activity.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs using GitHub searches and gh API commands to fetch and read repository files (see SKILL.md and references/research-workflow.md), so the agent will ingest untrusted, user-generated GitHub content that can influence subsequent decisions and tool use.