performing-web-application-firewall-bypass
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content explicitly documents and automates techniques to evade Web Application Firewalls and deliver SQLi, XSS, and path-traversal payloads (including an agent that runs those payloads), which is deliberate facilitation of exploitation and security control bypass—highly malicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's runtime agent (scripts/agent.py) performs HTTP requests to arbitrary target URLs (e.g., target_url / http://target.com shown in SKILL.md) and parses response status/length to decide and record "bypass" findings, so untrusted third-party web content is ingested and can materially influence the agent's decisions and outputs.
Issues (2)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).