ctf-web

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is an offensive CTF exploitation playbook containing numerous explicit, actionable instructions and code for data exfiltration, credential theft, remote code execution, privilege escalation, persistent backdoors and supply‑chain attacks — behavior that is clearly usable for malicious compromise outside of controlled CTF/research contexts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse arbitrary target web content (e.g., "Read the HTML, inline scripts, and bundled JS" and Quick Start Commands like curl -sI https://target.com and ffuf -u https://target.com/FUZZ), which are untrusted public third‑party pages/JS whose contents the agent is expected to interpret and that can materially change subsequent actions.