judge-ctf

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly provides actionable exploitation guidance and direct data-exfiltration steps (SQLi payloads, LFI/RCE file reads, database queries, and environment-variable scraping) that enable unauthorized access to and extraction of sensitive data from targets, representing a high-risk, dual-use malicious capability.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "carefully inspect all HTTP responses," "check page source for comments and hidden parameters," and perform directory brute-force against web endpoints, which requires fetching and interpreting untrusted third-party web content that could contain instructive payloads influencing actions.