performing-web-cache-poisoning-attack

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive tool and playbook for performing web cache poisoning—providing step‑by‑step exploit commands and an automated agent that deliberately poisons caches (e.g., sending headers like "X-Forwarded-Host: evil.com" and removing cache-busters to store poisoned responses) to serve attacker-controlled content to all users, enabling XSS/credential theft—so it is clearly designed for malicious abuse despite the authorization disclaimer.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and code (SKILL.md curl examples and scripts/agent.py, notably test_unkeyed_headers/test_cache_deception) explicitly fetch and parse arbitrary public target URLs and response bodies (resp.text) from third-party sites and use those contents to decide whether pages are "poisoned" or to drive further requests, so untrusted web content can materially influence agent behavior.