ctf-reverse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and ingest untrusted public content (for example, languages.md "Roblox Place File Analysis" shows using curl to the public Asset Delivery API to download place versions, and other sections instruct downloading stage‑2 binaries from remote endpoints or uploading binaries to dogbolt.org), which the agent is expected to read/interpret as part of its workflow and could therefore enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly instructs bypassing anti-debugging checks and patching binaries (e.g., replacing ptrace with a ret, using LD_PRELOAD, binary patching), which are actions that modify executable state and enable security-mechanism bypasses even though it doesn't request sudo or system-account changes.