testing-for-email-header-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is a dual-use penetration-testing tool but contains explicit, actionable instructions for abuse — spam relay, email spoofing, SMTP/IMAP command injection, and a template payload to exfiltrate process.env — which enable deliberate data exfiltration and phishing abuse even though no hidden backdoor or obfuscated remote-exec code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's agent posts to arbitrary target URLs and parses the HTTP responses to decide if injections succeeded (see scripts/agent.py _post/test_field_injection which inspects resp.text and SKILL.md curl examples targeting http://target.com), so it ingests untrusted third-party web content that can materially influence its actions.