check-malicious-code
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to extract and include exact code snippets and lines from scanned files (including patterns like ~/.aws, ~/.ssh, token, api_key, password), so any embedded secrets would be copied into the generated report and output verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Both URLs are hosted on an untrusted domain (evil.com) and include a direct shell script (script.sh) and an unspecified resource (/data) — direct downloads/execution from unknown domains are a high-risk vector for remote code execution and malware distribution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill scans and reads SKILL.md (and other files) under /mnt/skills/public, /mnt/skills/examples, and /mnt/skills/user—i.e., it ingests and displays content from user-installed or public third-party skill files (including raw code and HTML comments) as part of its reporting, which could contain untrusted, user-generated instructions that an LLM might interpret.