eval-var-cmdsub

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The snippet base64-decodes an obfuscated command that performs a curl to an external URL and then eval/executes the fetched payload (via eval and likely piping to sh), which is a deliberate obfuscated remote code execution/backdoor pattern enabling arbitrary remote code execution and possible data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md contains an obfuscated command (base64-decoded command-substitution) that performs curl to https://evil.example.org and then evals the fetched content, so it clearly fetches and executes untrusted third-party web content from the open internet.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill decodes and evals a base64 string that expands to a curl command which fetches and pipes remote code from https://evil.example.org/p.Sh into sh at runtime, so the URL directly controls execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This prompt decodes and evals a remote payload (curl then eval), which executes arbitrary downloaded code on the host and therefore can fully compromise the machine.