reverse-engineering-tools

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content explicitly documents tools and techniques for anti-analysis, VM/hypervisor hiding, kernel-space dumping and PatchGuard/anti-debug circumvention (e.g., TitanHide, HyperHide, KsDumper, pcileech), which are high-risk, dual‑use capabilities that enable memory theft, privilege escalation, persistence and covert remote access.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Data Source section explicitly instructs the agent to fetch and parse raw content from public GitHub URLs (e.g., https://raw.githubusercontent.com/gmh5225/... and archive/description raw URLs) and to use those user-generated repository READMEs/archives to drive responses, so untrusted third-party content is fetched and interpreted as part of the required workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and inject remote content from raw GitHub URLs (e.g. https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md and the related /archive/{owner}/{repo}.txt and /description/{owner}/{repo}/description_en.txt endpoints), which would directly control responses by loading external prompt/content as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly covers kernel-mode tooling, kernel-space dumping, PatchGuard circumvention, VM/sandbox evasion and other anti-analysis bypass techniques — guidance that encourages circumventing security mechanisms and performing privileged kernel-level actions that can compromise the host.