ctf-misc
Fail
Audited by Snyk on Apr 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content is an offensive CTF playbook that explicitly documents numerous deliberate exploitation techniques (remote code execution, credential and secret exfiltration, container/host escapes, privilege-escalation primitives, backdoor patterns and covert channels), and thus represents high-risk, dual-use malicious capability guidance that could be directly repurposed for real-world attacks.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and follow external, user-generated web resources (e.g., "Multi-Stage URL Encoding Chain (UTCTF 2026)" — follow breadcrumbs across external resources like GitHub Gists, Pastebin, etc., and sections showing use of dig/curl against remote servers), meaning the agent is expected to read and act on untrusted third‑party content that can change subsequent actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit, actionable guidance for Linux privilege escalation, container/host escapes, mounting or accessing host filesystems, and commands that enable running system-level processes (e.g., Docker/socket mounts, SUID checks, PostgreSQL COPY TO PROGRAM, PATH hijacking), which push an agent to modify or compromise the machine state.
Issues (3)
- E006 CRITICAL: Malicious code pattern detected in skill scripts.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata