exploiting-insecure-deserialization

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). Yes — the list contains an attacker-controlled OAST/callback domain (abc123.oast.fun and java-deser.abc123.oast.fun) used to host/receive RCE callbacks plus references to exploit tool repositories (ysoserial, ysoserial.net, phpggc) and target endpoints, which together are high-risk and can be used to deliver or trigger malware/commands.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable exploit instructions and tooling for remote code execution (ysoserial, phpggc, ysoserial.net), includes payloads that execute arbitrary commands and establish out‑of‑band callbacks (curl, nslookup, reverse shells, oast/interactsh domains), and contains a client script that generates and sends malicious serialized payloads—clear patterns of RCE, data exfiltration, and backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime agent code (scripts/agent.py: scan_cookies, scan_response_body, test_* functions) and the SKILL.md workflow explicitly fetch and analyze arbitrary target URLs and HTTP responses (cookies, body, __VIEWSTATE, etc.), so it ingests untrusted public web content that directly influences scanning and subsequent test actions.