exploiting-nosql-injection-vulnerabilities

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs extracting sensitive values (passwords, API keys/tokens) and reporting them in proof-of-concept commands and assessment reports, which requires the agent/LLM to handle and output secrets verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive toolkit: it contains targeted NoSQL injection payloads and automation to perform authentication bypass, blind extraction of passwords and other secrets, username enumeration, and $where-based server-side JavaScript injection (potential RCE), i.e., deliberate instructions and scripts to steal credentials and exfiltrate data rather than benign testing guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow and scripts (SKILL.md curl examples and the runtime code in scripts/agent.py and scripts/process.py) fetch and parse responses from arbitrary target URLs (open/public websites) and use those responses to decide follow-up actions (extraction, payload selection, continued probing), so it clearly ingests untrusted third‑party content that can influence agent behavior.