race-condition-exploit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive exploitation guide (race-condition weaponization) containing concrete scripts and techniques to obtain remote code execution (webshells), persistence (writing cron/overwriting system files), account takeover (token/email reset abuse, OTP brute-force via rate-limit bypass), and data exfiltration (accessing /flag.txt), and therefore demonstrates clear, deliberate malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and referenced files (e.g., references/race-scripts.md and the HTTP/2 Python/Turbo Intruder examples) explicitly send HTTP(S) requests to arbitrary targets (e.g., single_packet_attack(host,...), requests.post('https://target.com/...')) and parse/interpret the responses to decide success, so it ingests untrusted third-party web content that can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly framed around exploiting race conditions to perform financial-impacting operations: it lists "余额/积分/虚拟货币操作（转账、提现、消费）", describes coupon reuse and balance/withdraw scenarios, and gives concrete request examples (e.g., POST /withdraw {"amount": 100, "account": "attacker_account"} and HTTP/2 single-packet requests to /redeem). Those examples and the provided attack code are directly intended to cause multiple withdrawals/charges or reuse of monetary coupons—i.e., to move or extract value. This is not a generic tool description but an explicit method to execute financial operations via targeted endpoints.