performing-clickjacking-attack-test

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains explicit, step-by-step clickjacking attack instructions and proof-of-concept code (including techniques to bypass frame-busting protections) that provide direct, actionable guidance to perform UI redressing attacks — while presented for "authorized testing" there are no backdoors, exfiltration routines, or obfuscated payloads, but the material clearly enables deliberate misuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and code clearly fetch and ingest arbitrary public target pages (scripts/agent.py uses requests.get to retrieve headers and page bodies, and SKILL.md instructs embedding target URLs in iframes), meaning untrusted third‑party content is read and used to decide vulnerability and drive PoC generation.