model-extraction

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions to steal model weights, embeddings, and training data via API queries and includes evasion advice (distributing queries, slow rates, multiple accounts, soft-label distillation), indicating deliberate malicious intent and a high risk of intellectual property and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "Query-Based Extraction" and the provided code like QueryBasedExtractor.extract and EmbeddingExtractor.extract_space) explicitly queries external target_api/embedding_api and ingests their responses as training data, so it consumes untrusted third‑party model outputs that could embed instructions and influence subsequent actions.