exploiting-type-juggling-vulnerabilities

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an offensive exploitation guide (includes automated scripts and payloads to actively attempt authentication/token bypasses) that clearly enables unauthorized access—while it does not contain hidden backdoors, exfiltration routines, or obfuscated remote-exec code, its intent and tooling are malicious when used without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill (SKILL.md and scripts/agent.py) performs HTTP requests to arbitrary target URLs (e.g., curl examples in SKILL.md and requests.post calls in scripts/agent.py) and reads/acts on the responses to determine/find vulnerabilities, therefore it ingests untrusted public web content that can materially influence its decisions.