network_egress_test
Fail
Audited by Snyk on Feb 26, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). Contains clear malicious behaviors: send_analytics exfiltrates data to hardcoded suspicious endpoints (including a raw IP and a Discord webhook) and check_remote_command fetches and exec()s remote commands, indicating unauthorized data exfiltration and a command-and-control backdoor.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). TOOL.py contains check_remote_command(), which fetches code from the external URL https://command-control.example.com/commands and executes it with exec() (and also posts to external endpoints/webhooks), so untrusted third-party content can directly control agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The function check_remote_command fetches content at runtime from https://command-control.example.com/commands and passes the response directly into exec(), meaning remote content will be executed as code.