testing-for-open-redirect-vulnerabilities

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs are a collection of open-redirect/obfuscation payloads pointing to a malicious domain (evil.com) — they don't directly host installers but are highly suspicious because they can be used to mask and deliver phishing pages or malware downloads via redirect chains and URL parsing bypasses.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Although the agent script is a testing tool, the documentation contains explicit, actionable instructions for phishing amplification, OAuth token theft, and client-side data exfiltration (e.g., javascript:fetch(...+document.cookie))—clear deliberate abuse patterns enabling credential/token theft.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill actively fetches and interprets arbitrary public websites (see scripts/agent.py — OpenRedirectTestAgent._get, discover_redirect_params, test_redirect_bypass and test_javascript_redirect which call requests.get on the provided target_url and inspect response headers/body) and SKILL.md contains curl examples against external targets, so untrusted third‑party content can directly influence the agent's decisions and follow-up actions.