penetration-tester-master

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content explicitly includes actionable offensive techniques — e.g., instructions for data exfiltration (steal cookies, read /etc/passwd), credential theft, remote exploitation/payload generation (Metasploit, payloads), and privilege escalation — which are high-risk and can be used for malicious compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Recon/OSINT section explicitly instructs using public OSINT sources (Shodan, Google Dorks, WHOIS) and directs the agent to "gather target intel," meaning it will fetch and read open/public third-party content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs privilege escalation, reading sensitive local files (e.g., /etc/passwd), using kernel/SUID exploits and executing payloads (Metasploit), which encourages compromising or modifying the host system state.