idor-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks for "完整的 HTTP 请求（含认证头）+ 完整响应" and to save request headers in evidence/reporting, which would require including authentication tokens/cookies/passwords verbatim in output.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This is an explicit offensive IDOR exploitation guide (automated enumeration scripts, JWT claim tampering, privilege escalation, write/overwrite and file-access techniques) that instructs how to gain unauthorized access, exfiltrate or modify other users' data and take over accounts, constituting clear malicious/abusive behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and reference scripts (e.g., references/idor-advanced-patterns.md's harvest_ids and the various curl/python examples) explicitly instruct fetching and parsing arbitrary public API endpoints and user-generated content (GET /api/comments, /api/users/search, leaderboards, upload URLs, etc.) and then using those responses (IDs, fields, file URLs) to drive further requests and actions, so it clearly ingests untrusted third-party content that can influence subsequent tool use.