red-teaming

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains extensive, actionable, dual‑use high‑risk material (detailed data exfiltration techniques, C2/backdoor and remote code execution methods, credential theft tool usage, privilege escalation/persistence tactics, supply‑chain poisoning, and obfuscation/evasion techniques) that could be readily misused for unauthorized attacks and therefore must only be used under explicit authorization and strict rules of engagement.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs ingesting open/public third‑party content (e.g., "Phase 2: Reconnaissance & Intelligence Gathering" — "Open‑Source Intelligence (OSINT): Public records, social media, company websites" and tool references such as Shodan/theHarvester/Amass in references/tools-frameworks.md), so the agent would fetch and read untrusted web/user‑generated content and could be exposed to indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs offensive actions like installing backdoors, establishing persistence, privilege escalation and living‑off‑the‑land techniques—behaviors that require modifying system state (files, services, accounts) and thus push the agent to compromise the host.