ctf-web

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an offensive exploit/playbook (not defensive guidance) containing explicit, step‑by‑step techniques for data exfiltration, credential theft, remote code execution, persistent backdoors and supply‑chain abuse (examples include SSRF→Docker RCE, WeasyPrint/attachment and DOCX XXE/file-read, JPEG+HTML polyglot uploads and self‑upload exfiltration, PHP OPcache poisoning + LD_PRELOAD for RCE, Flask memory‑shell via SSTI, prototype‑pollution → VM escape, Java/Python/PHP deserialization exploits, dependency‑confusion guidance, crafting webshells and reverse shells, obfuscated/encoded payload delivery, and many other direct instructions to compromise systems), so it is intentionally enabling malicious abuse and poses a high security risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and parse arbitrary public web content as part of its workflow (e.g., SKILL.md and auth-and-access.md show runtime commands like "curl -s https://target.com/robots.txt" and "curl -i -c jar.txt http://target/admin/login") and uses those untrusted responses to decide follow-up actions and attacks.