competition-ssrf-metadata-pivot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to record and preserve "extracted token or credential fields" and to reproduce SSRF-to-access replays, which requires including secret values verbatim in output, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). 此技能明确描述利用 SSRF 访问云/内部元数据服务、提取令牌/凭据并回放以实现特权升级的步骤，直接支持凭据窃取、数据外泄与横向/远程入侵等恶意行为。