idor-testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions and scripts to enumerate, access, exfiltrate, and modify other users' data (including directory traversal and bulk harvesting), which is high-risk dual-use material readily usable for unauthorized data exfiltration and abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes concrete scripts and commands that fetch and parse responses from arbitrary public targets (e.g., curl/for-loop and Python requests against https://target.com, and Burp Suite / OWASP ZAP scans), meaning the agent would ingest untrusted third-party web content as part of its workflow.