ctf-misc

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content explicitly documents and provides ready-to-run techniques for remote code execution, sandbox escapes, credential/token theft, data exfiltration (DNS tunneling/rebinding), and host/container privilege escalation — i.e., deliberate offensive/backdoor-capable functionality rather than benign guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs fetching and parsing data from open/public sources—e.g., dig/curl calls and DNS TXT/IXFR walking in dns.md and the Roblox Asset Delivery/curl example in games-and-vms.md/SKILL.md—so it ingests untrusted, user-controlled web content that the agent must interpret to drive follow-on actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit, actionable instructions for local privilege escalation and host compromise (e.g., find SUID, docker run -v /:/mnt ... chroot, vim -c ':!cat /flag.txt', K8s RBAC hostPath mounts) that would enable the agent to access/modify the machine state and secrets.

Issues (3)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 13, 2026, 02:02 AM
Issues: 3