testing-for-xss-vulnerabilities-with-burpsuite

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill includes explicit, targeted data-exfiltration XSS proof-of-concept payloads (cookie theft, keylogger, screenshot upload to attacker-controlled domains) and instructions to bypass protections—demonstrating deliberate malicious capability—while the companion agent script itself contains no hidden backdoor or RCE but supports automated injection and discovery that could be abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly crawls and fetches arbitrary target web pages and parameters (e.g., SKILL.md crawl instructions and scripts/agent.py functions like find_reflection_points, fuzz_xss_payloads, analyze_csp which call requests.get and parse resp.text) and then interprets that untrusted HTML/response content to decide which payloads to send and which findings to report, so third-party content can materially influence agent behavior.