ctf-malware

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to "use bot token from malware source to call getUpdates and getFile APIs," which requires embedding/exposing a secret token verbatim in API requests (e.g., in URLs or headers), creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The document contains multiple explicit, actionable techniques that enable deliberate malicious activity — including data exfiltration (Telegram bot retrieval, screenshots/file uploads), backdoors/C2 and remote code execution (RC4/WebSocket C2, reverse-shell/command execution patterns, registration/beaconing behavior), credential theft (searching/exfiltrating tokens and hardcoded keys), system compromise & persistence (postinst scripts, startup/registry persistence hints), supply-chain attack vectors (malicious post-install scripts, hidden dependencies), and widespread obfuscation/encryption patterns intended to hide payloads — making it high-risk material that can be directly repurposed by attackers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's c2-and-protocols.md explicitly instructs calling the public Telegram Bot API (getUpdates/getFile) to fetch and download messages and files using a bot token. These are untrusted, user-generated third-party content that the agent would retrieve and act on, enabling indirect prompt injection.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 8, 2026, 09:02 PM