web-exploits

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill contains exploit code and payloads that embed or exfiltrate sensitive values (cookies, passwords, JWT tokens) and examples that print or return discovered secrets verbatim, so an agent following it would need to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is a full-featured offensive web-exploitation toolkit (SQLi, XSS, CSRF, LFI, SSTI, file-upload bypasses) that includes explicit exfiltration payloads, webshells, reverse-shells, remote command execution examples, and tools to tamper JWTs and leak tokens, representing high potential for data exfiltration, backdoors, credential theft, and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., csrf_grabber.py, lfi_tester.py, ssti_tester.py, upload_tester.py) fetch and parse responses from arbitrary target URLs/ form_url provided at runtime and inspect response.text/HTML (untrusted public web content), so the agent will read and interpret third‑party/user‑generated content.