ldap-injection

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly teaches extracting userPassword and other sensitive attributes (including a script that retrieves and prints extracted passwords), which requires the agent to obtain and output secrets verbatim—high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive guide for exploiting LDAP injection vulnerabilities to bypass authentication, enumerate and steal credentials and directory data (including AD-specific admin/kerberoast/AS-REP targets) and even contains an automated blind-extraction script, indicating deliberate malicious intent and use for data exfiltration and credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow (e.g., Phase 2.3 "自动化盲注脚本" which POSTs to http://TARGET/login and checks r.text/status codes, plus multiple instructions to send payloads to target web login endpoints) fetches and interprets responses from arbitrary external web targets, and uses those untrusted responses to decide subsequent injection payloads and extraction steps.