exploiting-broken-link-hijacking

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive how‑to for discovering and exploiting broken link and subdomain takeover vulnerabilities — including step‑by‑step instructions to claim expired domains, create matching cloud resources (S3 buckets, GitHub Pages repos), serve malicious JavaScript, and leverage those takeovers for XSS, cookie theft, phishing and supply‑chain attacks — which clearly facilitates deliberate malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly crawls and fetches arbitrary public web content (see SKILL.md commands using curl, broken-link-checker, Wayback Machine and scripts/agent.py which calls requests.get/requests.head), and it interprets those external responses/error pages to decide and trigger takeover/exploit actions, so untrusted third-party content can materially influence agent behavior.

Issues (2)

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 10:49 PM
Issues: 2