social-engineering
Fail
Audited by Snyk on Apr 22, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
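- Malicious code pattern detected (high risk: 1.00). The skill content explicitly instructs how to gather intelligence on a target organization's personnel and prepare phishing, credential spraying, watering-hole and supply-chain attacks; it includes phishing templates, social-engineering scripts, credential-generation scripts and attack workflows, shows clear intent of malicious abuse, and directly facilitates data/credential theft and intrusion activity.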
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to fetch and ingest open/public third-party content (e.g., "通过 http_request 或 curl 查询 Hunter API" in Phase 1, FOFA/FOCA/APIs and social media/GitHub/LinkedIn references in Phase 2 and OSINT sources) and to use those untrusted, user-generated sources to drive attack decisions, so the agent would read external content that can materially influence subsequent tool use and actions.
Issues (2)
E006
CRITICAL Malicious code pattern detected in skill scripts.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata