sysadmin-toolbox

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is a dual‑use sysadmin/reference bundle but contains multiple high‑risk patterns (explicit reverse‑shells and netcat/socat remote shells, commands to capture/extract credentials via tcpdump, examples of data transfer/exfil via nc/tar, history‑cleanup to hide traces, and references to backdoor collections and offensive tools) that can be directly used for unauthorized data exfiltration and remote code execution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly auto-refreshes and loads reference content from a public GitHub repo (github.com/trimstray/the-book-of-secret-knowledge) and includes runtime functions that call public web APIs (e.g., https://dns.google.com/resolve and http://ip-api.com), meaning the agent fetches and reads untrusted third-party/user-generated content as part of its workflow.