http-host-header-attacks

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive methodology that instructs how to exfiltrate sensitive tokens and data (password reset tokens, cached/served assets), perform SSRF to cloud metadata, enumerate and access internal vhosts, and bypass protections—i.e., clear, actionable guidance for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent/operator to fetch and inspect responses from arbitrary target websites (e.g., curl requests, ffuf vhost enumeration and checking email/reset links) — i.e., ingesting untrusted public web content whose contents are used to decide next actions — which could carry indirect prompt-injection content.


Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 10:08 AM
Issues: 2