red-teaming

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains extensive, actionable adversary TTPs — explicit C2/persistence/backdoor instructions, credential theft tools (e.g., Mimikatz), data-exfiltration channels (DNS, cloud uploads, chunking), supply-chain/poisoning techniques, evasion/anti-forensics and obfuscation patterns, and detailed LLM prompt-injection/jailbreak methods — which are high-risk dual‑use material that can be directly repurposed for malicious operations despite framing as authorized red‑teaming.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "Reconnaissance & Intelligence Gathering" explicitly requires OSINT from public records, social media, and company websites (and tools like Shodan/theHarvester/Amass referenced throughout), meaning the agent is expected to fetch and interpret untrusted third-party content that can materially influence planning and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs offensive actions like installing backdoors, establishing persistence, privilege escalation and living‑off‑the‑land techniques—behaviors that require modifying system state (files, services, accounts) and thus push the agent to compromise the host.