Metasploit Framework

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains explicit, actionable instructions for exploiting targets (exploits, msfvenom payloads, reverse shells/handlers), credential theft (hashdump, keylogging), persistence mechanisms, and AV-evasion guidance—patterns that clearly enable backdoors, data exfiltration, and remote compromise.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Required Tools section instructs downloading and executing a remote installer script via curl from https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb (saved as msfinstall and then run), which fetches and executes remote code as a required setup step.