autoteam-chatgpt-rotation

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This project explicitly automates mass/temporary ChatGPT Team account creation and rotation, includes instructions to evade detection (residential proxies, delay tuning), and synchronizes authentication files to an external CPA endpoint — behaviors that enable credential exfiltration, large-scale abuse of service quotas, and circumvention of provider protections.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime workflow explicitly uses Playwright to browse and automate ChatGPT registration pages and ingests temporary-email content from a third-party service (CloudMail) — see the "轮转流程", Playwright/browser automation and CloudMail API configuration in SKILL.md and src/browser.py — meaning the agent reads and acts on external, public third-party content during execution, which could permit indirect instruction injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's one‑click install runs "git clone https://github.com/cnitlrt/AutoTeam.git" followed by "bash setup.sh", which fetches remote code from that repository and executes it at install/runtime, so the git URL is a runtime external dependency that executes remote code.