penetration-tester

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains multiple high-risk offensive techniques and explicit examples of data exfiltration, reverse shells/backdoors, credential theft, privilege escalation, and system-compromise commands (e.g., XSS exfiltrate to attacker.com, cron/netcat backdoor, Dirty COW exploit, AWS metadata access), which are malicious capabilities even if presented in a defensive/educational context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly targets arbitrary external domains/URLs and ingests their public content as part of its workflows (e.g., recon_scan.py runs sublist3r/dig/nikto/gobuster to enumerate and crawl target sites, web_app_test.py invokes zap/xsser, sql_injection_test.py runs sqlmap, and other scripts parse tool outputs), so it consumes untrusted, user-supplied third‑party web content that could carry indirect prompt-injection vectors.