passive-recon

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). 总体属高风险：虽然以“纯被动 OSINT”为名，但文档不仅教如何定位暴露资产，还明确鼓励对暴露的数据库/管理后台“直接尝试无认证访问”及利用弱/默认凭据等行为，具备明显可被滥用为未授权入侵的操作指引。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and references/search-engine-syntax.md explicitly instruct the agent to query and ingest results from public third‑party search engines (FOFA, Quake, Hunter) via HTTP/curl and then use those results to cross‑compare and prioritize targets, so untrusted external content can directly influence analysis and follow-up decisions.