webshell-management

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes hard-coded encryption keys and shows workflows that exfiltrate and embed file contents (base64 blobs, uploaded payloads, attacker IPs), which requires the agent to output secret values or secret-bearing data verbatim (e.g., keys, base64-encoded files, credentials found on target), creating a direct exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is a clear post‑exploitation playbook: it instructs on remote code execution via webshells (eval/system), data exfiltration (base64 file download, credential searches), reverse shells, encrypted C2 channels (XOR/AES), evasion techniques (disable_functions/open_basedir bypass), persistence (multiple webshells, image‑webshells, cron), and lateral movement — all indicative of deliberate malicious/backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and execute commands against arbitrary remote webshell endpoints (e.g., http://TARGET/shell.php, http://TARGET/xshell.php, http://TARGET/ashell.php) and to read/interpret their responses (phpinfo, file contents, command output) which are untrusted third‑party content used to decide next actions (bypass, pivot, persistence).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill issues runtime HTTP requests that send and execute code on remote webshell endpoints (e.g., curl POSTs to http://TARGET/shell.php and http://TARGET/xshell.php) so these URLs are used to remotely execute commands and are required for the skill to function.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Yes — the skill explicitly instructs executing arbitrary commands, writing files, installing persistent backdoors (cron, webshells, image backdoors), creating reverse shells, and bypassing security controls on target hosts, which are direct instructions to modify and persistently compromise machine state.