nosql-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive exploitation guide: it provides step-by-step NoSQL injection techniques to bypass authentication, perform blind data exfiltration, enable remote code execution (e.g., $where JS injection, CouchDB design-doc exec), and WAF/defense evasion—clearly aimed at unauthorized compromise and data theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and example scripts (SKILL.md Phase 1.2 and references/nosql-payloads.md) send requests to arbitrary targets (e.g., http://TARGET/api/...), read response bodies/status/timings, and use those untrusted, remote responses to drive iterative payload selection and extraction decisions, so third-party content can materially influence agent actions.