blackhat-go

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill content is a deliberate offensive-security knowledge base that explicitly documents and wires together high-risk, actionable techniques (private-key extraction, wallet drainers, CICD injection/dependency confusion, k8s pod escape, RATs/process-injection, credential theft, C2/remote access, data-collection/exfiltration) and agentized automation primitives that could readily enable data exfiltration, backdoors, credential harvesting, system compromise, and supply-chain attacks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to a public CatColab Automerge WebSocket (wss://catcolab.io/automerge) and processes shared game documents and player moves (user-generated content) as part of real-time agent workflows, so the agent will ingest and act on untrusted third-party content from that server.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime WebSocket connection to wss://catcolab.io/automerge which is used to fetch Automerge game documents (game moves/state) that directly drive agent actions and therefore can control agent instructions at runtime, making it a risky external dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly contains Web3/Blockchain techniques and tooling that are narrowly focused on moving/stealing crypto funds. Evidence in the prompt: Chapter 30 (Web3/Blockchain) lists techniques like "smart-contract-reentrancy", "flash-loan-exploit", "private-key-extract", and "wallet-drainer" (high-risk techniques). The Go package list includes "github.com/ethereum/go-ethereum" (an Ethereum client/library used for wallet management and signing). The skill also exposes techniques as MCP tools (e.g., mcp://blackhat-go/techniques) and workflows that allow agents to invoke specific techniques. These are not generic capabilities (like a generic HTTP client or browser automation) but are crypto-specific operations (wallet draining, private key extraction, smart-contract exploits) that enable direct financial actions (signing/sending transactions or stealing funds). Therefore it matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criteria for Direct Financial Execution.