waf-bypass-hunter

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to capture and then display the secret "flag" (HACKTRON{...}) verbatim as proof, which forces handling/output of a secret value and thus creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains explicit exploit code and step-by-step instructions to bypass a WAF and achieve remote code execution (including execSync('cat /flag.txt')), which is direct guidance for data exfiltration and system compromise—definitively high risk.