sysadmin-toolbox

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the content includes explicit, actionable recipes for remote shells and backdoors (e.g. "nc -l -e /bin/bash", mkfifo reverse shell patterns, nc-proxy), credential harvesting/exfiltration commands (tcpdump/egrep to grab plaintext credentials, functions to censor/alter shell history), offensive tooling and DDoS primitives (hping3 --flood, masscan/zmap), and a refresh script that blindly clones and overwrites local skill files from a remote repo (supply‑chain risk) — together these demonstrate clear, deliberate enabling of backdoor access, credential theft, data exfiltration and supply-chain abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill auto-refreshes and loads public content from the upstream GitHub repo (see "References auto-refresh weekly... from the upstream repo" and scripts/refresh.sh) and explicitly instructs the agent to load and consult those third‑party reference files (e.g., references/shell-oneliners.md, references/cli-tools.md), so untrusted, user‑provided web content can be ingested and materially influence recommended commands and actions.