xslt-injection

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该skill与其声明目的基本一致，但声明目的本身就是为AI代理提供进攻性漏洞利用能力。未见明显供应链或凭据窃取迹象；风险主要来自它系统性教授并可促使代理执行SSRF、文件读取/写入与RCE，对真实目标具有直接攻击价值，因此应判为高风险可疑技能而非确认恶意软件。

Confidence: 95%Severity: 91%

Audit Metadata

Analyzed At

Apr 22, 2026, 10:11 AM

Package URL

pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fxslt-injection%2F@415f20ceef314240f2cbd17d951f1f572333a8eb