testing-for-host-header-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This content is a dual‑use penetration‑testing guide that includes explicit, actionable techniques for stealing password reset tokens (password reset poisoning), poisoning caches to serve attacker JavaScript, performing SSRF against cloud metadata IPs, and directing exfiltrated links/requests to attacker-controlled domains — making it highly usable for deliberate abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly issues HTTP requests to arbitrary target URLs (see scripts/agent.py _request which calls requests.request and functions like test_host_header_override and test_password_reset_poisoning that check resp.text) and the SKILL.md curl examples show the same behavior, meaning untrusted/public web responses are ingested and parsed and can directly influence findings and subsequent actions.