kali

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). High risk: the skill explicitly contains instructions to generate and deploy reverse shells and payloads (msfvenom, metasploit), run network interception and MITM tools (ettercap, tcpdump, airodump/aireplay), credential-cracking and brute-force tools (hydra, hashcat, john), and guidance to enable privileged network access and persistent operations—patterns that enable backdoors, remote code execution, credential theft, data exfiltration, and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill executes tools that fetch and parse arbitrary public web/OSINT content (e.g., docker exec kali nikto -h http://target.com, whatweb/http enumeration, dirb/gobuster directory scans, sqlmap, theharvester/sublist3r OSINT queries) so the agent will ingest untrusted third‑party web/forum/OSINT data as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running docker containers with elevated capabilities (--cap-add NET_RAW/NET_ADMIN, --network host), executing commands as root, starting services, changing permissions, and performing network/attack operations (airmon-ng, aireplay-ng, ettercap) which will modify the host/container state and can compromise the machine the agent runs on.