exploiting-prototype-pollution-in-javascript

Audit result: Fail

Audited by Snyk on Apr 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable exploit instructions and payloads that enable deliberate malicious activity: server-side RCE via prototype pollution gadgets (process.mainModule.require('child_process').execSync, NODE_OPTIONS, /proc/self/* access), authentication/privilege bypass (polluting isAdmin/role), and client-side DOM XSS. This constitutes high-risk offensive/backdoor capability rather than benign guidance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts (SKILL.md and scripts/agent.py, specifically test_json_pollution and test_query_pollution) fetch and parse HTTP responses from arbitrary target URLs and public pages, then treat those untrusted third-party responses as indicators that directly influence the reported findings, their severity, and follow-up actions. A response body crafted by the target can therefore steer the agent's behaviour (indirect prompt injection).


Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 7, 2026, 11:59 PM
Issues: 2