HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, step-by-step attack techniques (phishing forms, form action overrides, CSS/iframe/image exfiltration of cookies and credentials, and payloads/automation) that facilitate credential theft and unauthorized data exfiltration and is therefore highly malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs fetching and parsing content from arbitrary public websites (e.g., curl/requests calls to http://target.com, Burp Suite/OWASP ZAP spidering and the included Python fuzzing script that checks response.text), so the agent would consume untrusted, user-generated web content as part of its workflow.