performing-web-cache-deception-attack

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes example commands that embed session cookies and references to tokens/keys (e.g., curl -b "session=VICTIM_SESSION", searching for api_key/token), which require reproducing secret values verbatim in commands or outputs, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill is an explicit offensive toolkit: it documents how to trick CDNs into caching authenticated pages (including social‑engineering steps) and includes an automated agent that probes for and confirms exposure of PII/tokens — intended to discover and harvest sensitive user data, so it is high-risk misuseable tooling for data exfiltration and credential theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests content from arbitrary external web targets (see scripts/agent.py which issues requests to the provided target_url and test URLs, and SKILL.md which uses curl against target.com endpoints), and it parses and acts on that untrusted page content (content length/PII checks and cache headers) to decide and report vulnerabilities, so third-party content can materially influence agent behavior.