file-upload-methodology

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is explicitly malicious: it gives step‑by‑step, actionable techniques to bypass upload protections and deploy webshells, .htaccess/.user.ini persistence, path‑traversal and ZIP‑slip exploits that enable remote code execution, backdoors, and server compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to access and interpret responses from arbitrary target web URLs (e.g., "访问上传的文件 URL — 确认可访问", examples like "http://target/uploads/shell.php" and "从响应中获取新文件名"), meaning the agent will fetch and act on untrusted third-party web content which can change its next actions.