vuln-research

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill content is a high-risk, dual‑use offensive playbook: it contains explicit, actionable instructions and payloads for RCE (including reverse shells), data exfiltration techniques, credential theft vectors, supply‑chain attack methods, and obfuscation tactics that can be (and easily repurposed) to create backdoors or perform malicious compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to consult public vulnerability/data sources and recon tooling (e.g., "Known CVEs in detected versions (check NVD, Snyk DB, GitHub Advisories)" and recon/scanning steps referencing crt.sh, subdomain enumeration, Burp Collaborator / interactsh, Nuclei, etc.), which are open/public, untrusted third‑party sources the agent is expected to read/interpret and that can materially change testing decisions and actions.