file-path-traversal

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting and reporting file contents (e.g., /etc/shadow, private keys, wp-config.php, /proc/self/environ) which would require the agent to output secret credentials and secrets verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The document is an explicit offensive how-to: it gives step‑by‑step payloads and bypasses to exfiltrate sensitive files, steal credentials, and escalate Local File Inclusion (LFI) into Remote Code Execution (RCE), indicating clear malicious intent and backdoor-enabling techniques.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs fetching and interpreting responses from arbitrary web targets (e.g., curl "http://target.com/page?file=..." and using ffuf/wfuzz against target URLs to read files like /etc/passwd), so the agent ingests untrusted third-party web content that can directly influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly teaches how to read sensitive local files (e.g. /etc/shadow, private SSH keys), perform LFI-based RCE (log poisoning, php wrappers, /proc/self/environ) and exfiltrate credentials—actions that enable compromising and controlling the machine's state.