python-prototype-pollution
Fail
Audited by Snyk on Apr 22, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs reading and abusing secrets (e.g., extracting SECRET_KEY/app.config and using it to forge sessions or craft payloads), which requires the agent to handle and emit secret values verbatim in requests or generated artifacts.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive exploitation guide describing step-by-step techniques to abuse Python attribute-injection vulnerabilities (often called "class pollution", the Python analogue of JavaScript prototype pollution: a recursive merge that follows `__class__`, `__init__.__globals__` and similar dunder attributes out of an object into class, module and interpreter state) to achieve RCE, session forging (credential theft), file exfiltration, privilege escalation, command/path/sys.path hijacking, and persistence. It is clearly malicious and intended for exploitation.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs the agent to fetch and interact with arbitrary web endpoints (e.g., numerous curl examples in SKILL.md Phase 1.2 and references/exploitation-payloads.md targeting http://target/api/... and http://target/... ), expecting the agent to read and act on responses from untrusted third-party web content.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill contains step-by-step exploitation guidance (prototype pollution, SECRET_KEY poisoning, sys.path/PATH hijacking and RCE) and explicit payloads that instruct changing application/global state and achieving remote code execution, which can be used to compromise the machine the agent runs on.
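As an added illustration of the bug class the E006 and W013 findings refer to (this is not code from the audited skill, from SKILL.md, or from Snyk): a constructed recursive-merge helper of the kind that makes Python attribute injection possible, a constructed JSON document that walks instance -> class -> `__init__` -> module globals to overwrite a stand-in `SECRET_KEY`, and a hardened merge that refuses the same document. Every name here (`User`, `merge_unsafe`, `merge_safe`, the `SECRET_KEY` constant, `PAYLOAD`) is an assumption made for the demo.

```python
"""
Constructed demonstration of Python attribute injection ("class pollution").
Not code from the audited skill or from Snyk; all names are assumptions.
"""
import json

# Constructed stand-in for app.config["SECRET_KEY"] in a Flask-style app.
SECRET_KEY = "s3cr3t"


class User:
    """Plain application object; its __init__ is the rung that exposes __globals__."""

    def __init__(self, name):
        self.name = name


def merge_unsafe(src, dst):
    """Vulnerable recursive merge (the common pattern behind Python class pollution).

    It descends into any attribute of dst, not just dict keys, so a key such as
    "__class__" walks out of the object into its class, then via "__init__" into
    that function's __globals__ dict, which is the module namespace itself.
    """
    for k, v in src.items():
        if hasattr(dst, "__getitem__"):
            if dst.get(k) and isinstance(v, dict):
                merge_unsafe(v, dst[k])
            else:
                dst[k] = v
        elif hasattr(dst, k) and isinstance(v, dict):
            merge_unsafe(v, getattr(dst, k))
        else:
            setattr(dst, k, v)


def merge_safe(src, dst):
    """Hardened merge: only writes into plain dicts, never into live objects,
    and refuses dunder keys so no document can reach __class__ or __globals__."""
    if not isinstance(dst, dict):
        raise TypeError("merge target must be a plain dict")
    for k, v in src.items():
        if not isinstance(k, str) or k.startswith("__"):
            raise ValueError(f"refusing reserved key {k!r}")
        if isinstance(v, dict) and isinstance(dst.get(k), dict):
            merge_safe(v, dst[k])
        else:
            dst[k] = v
    return dst


# Constructed attacker document: instance -> __class__ -> __init__ -> __globals__.
PAYLOAD = json.dumps({
    "__class__": {"__init__": {"__globals__": {"SECRET_KEY": "attacker-chosen-key"}}}
})


def pollute_with_unsafe_merge(payload_json=PAYLOAD):
    """Feed the payload through merge_unsafe and return the SECRET_KEY the app now sees.
    The original value is restored afterwards so the demo is repeatable."""
    global SECRET_KEY
    original = SECRET_KEY
    merge_unsafe(json.loads(payload_json), User("alice"))
    polluted = SECRET_KEY          # reads the module global merge_unsafe just overwrote
    SECRET_KEY = original
    return polluted


def pollute_with_safe_merge(payload_json=PAYLOAD):
    """Same payload through merge_safe against a plain dict: returns the outcome
    label and the SECRET_KEY, which must be untouched."""
    profile = {"name": "alice", "prefs": {"theme": "dark"}}
    try:
        merge_safe(json.loads(payload_json), profile)
        outcome = "merged"
    except (TypeError, ValueError):
        outcome = "rejected"
    return outcome, SECRET_KEY


def benign_update():
    """merge_safe still applies an ordinary nested update."""
    profile = {"name": "alice", "prefs": {"theme": "dark"}}
    merge_safe({"prefs": {"theme": "light"}}, profile)
    return profile["prefs"]["theme"]


if __name__ == "__main__":
    print("unsafe merge, SECRET_KEY after payload:", pollute_with_unsafe_merge())
    print("safe merge, outcome and SECRET_KEY:", pollute_with_safe_merge())
    print("safe merge, benign update theme:", benign_update())
```

The practical check this suggests for a code base under review: look for recursive merge or "update from request body" helpers that call `setattr`/`getattr` on arbitrary objects or accept attribute names straight from JSON. The fix is the one `merge_safe` shows: merge only into plain dicts, reject dunder keys, and ideally allow-list the fields a client may set. A forged session in the scenario the findings describe is only possible because the signing key was overwritten or read this way.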
Issues (4)
W007 HIGH: Insecure credential handling detected in skill instructions.
E006 CRITICAL: Malicious code pattern detected in skill scripts.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W013 MEDIUM: Attempt to modify system services in skill instructions.