exploiting-http-request-smuggling

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly instructs how to discover and exploit HTTP request smuggling (including PoCs, tooling, and scripts) to bypass access controls, capture/exfiltrate other users' requests and cookies, perform reflected XSS and cache poisoning, demonstrating clear intent and capability for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and inspects arbitrary public websites as part of its required workflow—e.g., SKILL.md and scripts/agent.py call requests.get (identify_architecture) and raw socket probes against a user-supplied target URL—so untrusted third-party HTTP responses (headers/bodies) are read and used to decide and drive subsequent tests and actions.