geoserver-exploit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This is an explicit offensive exploit toolkit: it contains ready-to-run RCE payloads (XPath exec, Jiffle injection), reverse‑shell tooling, XXE/SSRF-based arbitrary file reads (including cloud metadata endpoints), SQL injection data‑exfiltration queries, and automated/bulk scanning and target harvesting — all clear indicators of deliberate malicious/abusive intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's documentation and included exploit scripts (e.g., SKILL.md and references/cve-2025-58360-xxe.md and references/cve-2024-36401-rce.md) explicitly instruct the agent to fetch and parse responses from arbitrary GeoServer endpoints (/geoserver/web, /geoserver/ows, /geoserver/wfs, /geoserver/TestWfsPost and other target URLs), which are untrusted third‑party sources and whose content is parsed to drive follow-up actions and exploitation decisions.