ctf-forensics

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.85). The prompt includes explicit forensic code and examples that decrypt and print credentials and password hashes (e.g., Chrome master_key decryption that prints passwords, SAM dump output), which would cause an agent using this skill to output secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes explicit commands and API calls that fetch public third-party data (e.g., mempool.space API for TX details, curl to macvendors.com, and instructions to export/read HTTP objects from PCAPs), so the agent's workflow would ingest and interpret untrusted/public web/API content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes explicit sudo commands (e.g., "sudo mount -o loop,ro image.dd /mnt/evidence") and many instructions that access system-level files/logs, which encourage obtaining elevated privileges and interacting with the host system.