ssrf-methodology

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs using SSRF to query cloud metadata endpoints and read local config/files to obtain credentials and secrets, which entails retrieving and exfiltrating secret values verbatim (high risk).

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive SSRF exploitation guide that instructs attackers how to exfiltrate sensitive data (cloud metadata, files), steal credentials, bypass IP filters, and achieve remote code execution (gopher→Redis, Docker API, rogue MySQL), and thus constitutes clearly malicious/offensive tooling.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs exploiting SSRF to read local files (e.g., /etc/passwd, /app/config.py), query cloud metadata for credentials, and use protocols like gopher to interact with internal services (e.g., Redis), enabling exfiltration and potential modification/control of the host.