ssti-methodology

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive SSTI exploitation guide that provides ready-to-run RCE payloads, file-reading and environment-credential exfiltration techniques, filter-bypass and obfuscation methods, and operational steps to gain unauthorized access—facilitating system compromise and data theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to use http_request/analyze_response against target web endpoints (e.g., SKILL.md Phase 0/1 and AGENT.md tool preference #1, and examples like /render?template=test) and to read and act on those live responses to identify engines and choose RCE payloads, so it ingests untrusted third‑party web content that can influence subsequent actions.