target-profiling

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly provides actionable reconnaissance and attack-planning guidance (e.g., "优先攻击"/"推荐攻击路径", methods to discover/target management consoles, exposed DBs, ways to bypass WAF and undertake full-port scanning), which directly facilitates unauthorized compromise of systems and therefore represents high-risk malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly directs the agent to run internet-facing discovery/fingerprinting tools (e.g., subfinder, naabu, httpx, curl) against target domains/public services and to interpret those externally fetched responses to build attack priorities and recommended attack paths, which could allow untrusted third-party content to influence agent decisions.