waf-bypass-agent

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt asks the agent to record and emit exact request signatures, headers and replay steps, and even discusses splitting or moving a "sensitive token" across inputs, which means the LLM may need to include secret values (cookies, auth headers, tokens) verbatim in its outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is an operational playbook explicitly designed to evade WAFs and parser/gateway protections. It provides detailed, actionable techniques (encoding tricks, content-type smuggling, parameter-splitting, alternate ingestion vectors, duplicate-key manipulation, etc.) that intentionally enable bypassing security controls and reaching vulnerable app logic, and it can therefore be readily abused by attackers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes responses from arbitrary target endpoints (see Inputs: "target_endpoint" and "response_samples" and the "Signal Collection"/"Differential Baselines" phases), using those untrusted response bodies to guide hypothesis generation and payload actions, which can allow indirect prompt-injection from third-party content.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 9, 2026, 10:07 PM