ultimate-search
Fail
Audited by Snyk on Mar 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs how to extract, aggregate and store SSO cookies/tokens (export_sso.txt, import-keys.sh, .env updates), automates Cloudflare/anti-bot bypass (FlareSolverr / cf_clearance), and provides multi-account/key aggregation and rotation. These behaviors materially enable credential harvesting, mass account reuse, and abusive scraping (account takeover or quota abuse). There is no obvious obfuscated backdoor or covert remote-exfiltration host baked in, but the documented flows are high-risk and readily usable for malicious abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md and scripts) explicitly performs live web searches and page fetches of arbitrary public sources—via grok-search/grok2api (Grok), tavily-search/web-fetch/web-map (Tavily Extract), FireCrawl, and agent-browser interactions including X/Twitter routing—and consumes those untrusted, user-generated/public webpages as inputs that the agent must read and use to decide follow-up actions, so third-party content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's docker-compose pulls and runs remote container images (executing fetched code) that are required at runtime, specifically ghcr.io/chenyme/grok2api:latest, ghcr.io/xuncv/tavilyproxymanager:latest and ghcr.io/flaresolverr/flaresolverr:latest, which constitute high-confidence external code execution dependencies.
Audit Metadata