ctf-ai-ml

Fail

Audited by Snyk on Mar 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is explicitly offensive and high-risk: it provides step-by-step code and techniques for data exfiltration (SSRF/path traversal/HTTP POSTs), remote code execution via LLM tool invocation, backdoor creation and poisoning, credential/secret extraction, model extraction and membership inference, and numerous filter-bypass/obfuscation tricks; that is, clear, deliberate instructions for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's llm-attacks.md explicitly instructs poisoning and retrieving web pages/documents (see "Indirect Prompt Injection") and shows fetching arbitrary URLs/tool outputs (see "Tool Use Exploitation"), meaning the agent is expected to ingest untrusted, user-controlled web content that could carry instructions affecting its tool use and decisions.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 28, 2026, 10:27 PM
Issues
2