security-review

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains explicit, actionable exploit templates (command injection, RCE via eval/exec, reverse-shell payloads, path traversal to read sensitive files, and payloads to exfiltrate credentials) that enable backdoors and data exfiltration and thus present high abuse potential despite being framed as pentesting guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs the reviewer to consult public exploit repositories ("When a vulnerable dependency is found, search for: Public exploits: searchsploit, exploit-db, GitHub") and the README shows fetching content from raw.githubusercontent.com, so it requires ingesting untrusted, user-generated third‑party web content that can influence exploit development and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt mandates developing and executing working exploits (command injection, reverse shells, reading /etc/passwd and private keys, running child_process.execSync payloads) which directly encourage running commands and accessing/modifying sensitive local resources, risking compromise of the host.