rocketmq-exploit

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is a high-risk offensive exploit toolkit: it provides ready-to-run RCE and arbitrary-file-write exploits (CVE-2023-33246, CVE-2023-37582), scanning/automation tools, and explicit post‑exploitation instructions (writing SSH authorized_keys, cron jobs, reverse shells) intended to achieve unauthorized remote code execution, persistence and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's included detection and exploit scripts (e.g., references/detection-and-tools.md get_broker_version/send_rocketmq_packet and the Dashboard check that calls HTTP GET /cluster/list.query, as well as SKILL.md workflow) actively fetch and parse live responses from arbitrary RocketMQ endpoints on the internet and use that untrusted, third-party content to decide and drive exploitation actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 10:10 AM
Issues: 2