privilege-escalation-web

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive playbook: it teaches mass-assignment and parameter injection, cookie/session tampering (including Base64 and Flask session forging using a leaked SECRET_KEY), header and HTTP-method tampering, response manipulation and LFI-assisted secret extraction — all techniques that enable unauthorized privilege escalation, credential theft and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs fetching and parsing target web content (e.g., "check /docs, /swagger, /openapi.json" and the "SPA 前端鉴权绕过" section that directs intercepting responses and loading JS to extract management APIs), meaning the agent will ingest untrusted, third-party pages/JS and act on them to decide follow-up exploit actions.