performing-web-cache-poisoning-attack

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill explicitly documents and automates web cache poisoning attacks (including unkeyed header manipulation, cache deception, and an agent script that probes for reflections and confirms cached poisoning) to serve malicious payloads to other users and facilitate credential theft/XSS. It is therefore clearly designed to enable deliberate offensive abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly makes live HTTP requests to arbitrary target URLs and parses response bodies (see scripts/agent.py functions like identify_cache_layer, test_unkeyed_headers, test_cache_deception and the SKILL.md workflow examples that instruct curling target.example.com), so it ingests untrusted public web content and uses that content to drive assessment decisions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 15, 2026, 09:39 PM
  • Issues: 2