api-security

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable attack techniques that enable credential theft and data exfiltration (e.g., SSRF to cloud metadata, command-injection payloads, JWT JKU/X5U hosting of malicious JWKS), plus instructions for remote exploitation and automated scanning—patterns that can be deliberately abused as backdoors or for malicious access.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly instructs fetching and analyzing arbitrary public API endpoints and documentation (e.g., curl -s https://target.com/api/docs, https://target.com/swagger.json, https://target.com/openapi.json, GraphQL introspection via curl to https://target.com/graphql, and ffuf fuzzing/discovery against target URLs), meaning the agent ingests untrusted third‑party web content that can materially change subsequent testing actions.