information-disclosure-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting secrets from files and git history (e.g., .env, API keys, SSH keys) and to "use credentials immediately" for logins/connections, which requires the agent to read and embed secret values verbatim in commands or requests.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive information‑disclosure and exploitation playbook—providing step‑by‑step techniques to recover source/config files, extract credentials, perform data exfiltration, and trigger RCE/unauthorized access—demonstrating clear malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because the skill's core workflow (SKILL.md and references/source-recovery.md) explicitly instructs the agent to fetch and parse untrusted public web resources—e.g., curl http://TARGET/.git/HEAD, /.env, /swagger.json, /.svn/wc.db—and to inspect those third‑party responses to drive follow-up actions such as credential use and further requests.