ldap-injection-testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill content provides detailed LDAP injection payloads, PoC code and techniques explicitly enabling user enumeration, password/hash retrieval, authentication bypass and privilege escalation — facilitating unauthorized data exfiltration and credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes commands and examples (ldapsearch, JXplorer, and the Python ldap3 snippet) that connect to arbitrary LDAP endpoints such as "ldap://target.com" and print/search directory entries, so the agent would fetch and interpret untrusted third-party directory content as part of its workflow.