html-injection-testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions and payloads to create phishing overlays, hijack forms, exfiltrate credentials and cookies to attacker-controlled endpoints, and otherwise abuse HTML injection for credential theft and data exfiltration, indicating intentional malicious behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and parsing responses from arbitrary public websites (e.g., curl examples, Burp/ZAP spidering steps, and the custom Python fuzzing script targeting "http://target.com") so the agent would read untrusted third‑party page content and act on reflected/served HTML.