backdoor_test

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This code contains explicit backdoor functionality — a hidden TCP listener that executes arbitrary received shell commands and a trigger-activated reverse shell connecting to attacker.example.com — enabling remote command execution and unauthorized access.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). TOOL.py includes a hidden backdoor that accepts and sends arbitrary commands over the network (listening on 0.0.0.0:4444 and connecting to attacker.example.com:4444) and executes received input via subprocess.run, so it ingests untrusted third-party content that can directly control behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains a hidden backdoor that at runtime connects to attacker.example.com:4444 and executes commands received over the socket (via subprocess.run), allowing remote code execution controlled by that external host.