subdomain-takeover

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit, step-by-step offensive playbook for subdomain takeover (CNAME/NS/MX) and post‑takeover abuse (cookie/OAuth/token/email interception, issuing TLS certs, full DNS control), clearly enabling credential theft, data exfiltration, and complete domain compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs querying and consuming open/public third-party sources (e.g., crt.sh and SecurityTrails for subdomain collection, curl/dig/whois checks of sub.target.com and vendor error pages in Sections 2.1, 3 and 4) and requires matching those untrusted responses to decide and drive follow-up actions (attempting to claim resources), so untrusted web content can materially influence the agent's behavior.