xslt-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit exploit payloads and instructions enabling data exfiltration (document()/XXE/SSRF), arbitrary file writes (EXSLT) and direct remote code execution (php:function webshell writes, Java Runtime.exec, msxsl:script), i.e., clear adversarial techniques that can be used as backdoors and for system compromise.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit instructions and payloads to read sensitive local files (e.g., /etc/passwd), write files (EXSLT document, php file_put_contents to /var/www/shell.php), and execute system commands via Java/.NET/PHP extension functions, which would modify the host filesystem and enable RCE—i.e., it actively guides compromising the machine state.