websocket-attack

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable exploit instructions (e.g., CSWSH handshake forgery, a JS fetch to evil.com for data exfiltration), message injection examples including SQLi and command injection (potential RCE), and guidance to bypass/message-level authentication to perform admin actions and steal credentials—demonstrating clear malicious intent and abuse patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to fetch and analyze untrusted third-party content (page JavaScript source, HTTP 101/Upgrade responses, and live WebSocket messages from target sites as described in "页面分析", Phase 1 and Phase 3), and to base follow-up actions (crafted messages, privilege escalation tests) on that content, so it can materially influence behavior.