cairn-ai-pentest

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Although no direct .exe/download links are present, the prompt instructs cloning and executing code from unknown hosts and an unfamiliar GitHub repo (oritera/Cairn) and targets arbitrary web/CTF hosts (including local IPs), which makes these sources moderately-to-highly risky as they can easily distribute or trigger malicious code if run without verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) shows the agent issuing HTTP requests and running tools against arbitrary targets (e.g., HTTPTool.execute with urls like "http://target.com" and the agent.run target parameter) and then reading "Observation"/response text in its ReAct loop to drive subsequent actions, which clearly exposes it to untrusted third-party web content that could contain injected instructions.