pentest-http-smuggling
Fail
Audited by Snyk on Feb 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content provides detailed, actionable instructions, test vectors, and tooling for HTTP request smuggling, cache poisoning, and host-header attacks that can be directly used to hijack requests, poison caches, and steal credentials or session tokens—posing a high risk of misuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and analyzes arbitrary public web endpoints and HTTP responses (e.g., smuggler_scan(url), h2csmuggler_scan(url), curl_trace, python_socket_request, cache_poison_verify and related functions) and therefore ingests untrusted third-party web content that could carry indirect prompt injection.
Audit Metadata