SMTP Penetration Testing
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is high-risk: although it contains no hidden backdoors or obfuscated payloads, it provides explicit, actionable instructions for user enumeration, credential brute‑forcing, open‑relay exploitation and email spoofing (including an example labelled "for phishing preparation"), which directly enable credential theft, unauthorized access and abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly directs the agent to connect to arbitrary external SMTP servers and DNS records (e.g., "telnet TARGET_IP 25", "nc TARGET_IP 25", "dig MX target.com", and smtp-user-enum/nmap SMTP scripts) and to parse banner, VRFY/EXPN/RCPT, and DNS responses to decide enumeration, relay, and brute-force actions, which are untrusted third-party outputs that could contain injected instructions.