api-fuzzing-for-bug-bounty

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains explicit, actionable offensive techniques (SSRF/XXE/command/SQL injection payloads, PDF/LFI examples, SMB/DNS callback exfiltration, iplogger usage, auth/rate-limit bypasses and method tampering) that directly enable data exfiltration, credential theft, and remote code execution and therefore presents a high malicious risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch and parse open/public third-party content (e.g., scanning arbitrary target URLs with "kr scan https://target.com", retrieving /swagger.json or /openapi.json, performing GraphQL introspection queries, and checking archive.org or site JS files) and to interpret those untrusted API/schema/responses as part of its workflow, exposing it to indirect prompt injection risk.