path-traversal-lfi

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The playbook explicitly instructs reading and decoding sensitive files (e.g., /proc/self/environ, .env, /home//.ssh/id_rsa, /home//.aws/credentials, PHP session/log files) and to decode/report their contents, which requires the model to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive playbook describing deliberate exploitation techniques (path traversal, LFI → RCE, log/session poisoning, php wrappers, RFI, phar/zip attacks and filter chains) that enable credential theft, data exfiltration, remote code execution, and backdoor/webshell installation, and therefore is intentionally malicious in purpose and high-risk.