xss-methodology

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicit offensive guidance for exploiting XSS (reflected/stored/DOM), bypassing WAF/CSP, executing arbitrary JavaScript in victims' browsers and exfiltrating sensitive data (cookies/page content) to attacker-controlled endpoints (JSONP callbacks, hijacks, prefetch/font probes, SVG/mXSS tricks), representing deliberate malicious abuse patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to send HTTP requests and inspect live responses/headers for reflected/stored DOM content (SKILL.md Phase 0 and the "工具偏好" / AGENT.md http_request + CSP analysis) and cites using external JSONP/CSP endpoints (references/xss-bypass-and-types.md), meaning it ingests untrusted third‑party web content that directly influences payload selection and subsequent actions.