exploiting-race-condition-vulnerabilities

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructions include literal session cookies and similar secret values (e.g., Cookie: session=VALID_SESSION, SESSION_COOKIE = "session=abc123") and direct the agent to embed them directly into requests and code. This requires the agent to handle and output secrets verbatim, which creates an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content provides explicit, actionable instructions and scripts for exploiting race conditions, including Turbo Intruder single-packet attacks, multi-threaded request code, and an account-takeover example that changes an account's email to attacker@evil.com. These enable unauthorized double-spend, overdraft, rate-limit bypass and account takeover. No covert backdoors, data-exfiltration endpoints, obfuscated payloads, or remote-code-execution constructs were found, but the material clearly enables malicious misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and analyzes responses from arbitrary external targets (e.g., the SKILL.md/Turbo Intruder examples that queue target.req, and scripts/agent.py, which sends requests to the user-supplied --url and inspects the response bodies). Untrusted third-party content is therefore ingested and can influence both attack decisions and the reported findings.

Issues (3)

W007  HIGH      Insecure credential handling detected in skill instructions.
E006  CRITICAL  Malicious code pattern detected in skill scripts.
W011  MEDIUM    Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 09:38 PM
Issues: 3