php-bypass

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document provides explicit, actionable instructions to bypass PHP security controls (disable_functions, open_basedir) — including uploading/compiling malicious .so, using LD_PRELOAD, FFI to call system(), ImageMagick delegate abuse, gconv modules, UAF exploits and opcache poisoning — enabling remote command execution, data exfiltration and persistent backdoors, so it is clearly malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions (references/disable-functions-bypass.md) explicitly tell the operator to obtain exploit scripts from public repositories (e.g., "或从 GitHub 获取 https://github.com/mm0r1/exploits"), which directs the agent to fetch and act on untrusted, user-generated third‑party content that could contain executable instructions affecting next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs how to bypass PHP security restrictions (disable_functions, open_basedir), upload/execute .so files, use FFI/LD_PRELOAD/other exploits and run system commands — all actions that actively compromise and modify the target machine's state.