HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit, actionable guide for performing HTML injection attacks — including crafting phishing forms, exfiltrating cookies/data to external servers, and defacement techniques — which clearly facilitates credential theft and unauthorized data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and inspect arbitrary public web pages (e.g., curl examples and the "Custom Fuzzing Script" that uses requests.get against http://target.com and to grep/inspect response.text) so it ingests untrusted third-party content and uses that content to drive testing decisions and next actions.