html-injection-testing
Fail
Audited by Snyk on Feb 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content contains explicit, actionable instructions for credential theft and data exfiltration (phishing forms posting to attacker-controlled domains, CSS/image trackers that leak document.cookie, meta-refresh/iframe redirects, hidden tracking iframes and form action overrides), indicating deliberate malicious intent and abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and analyzing responses from arbitrary target websites (e.g., curl examples to http://target.com/search?q=..., Burp Suite/OWASP ZAP spidering/active scans, and the custom Python fuzzing script that requests target URLs and inspects response.text), so untrusted third‑party page content is ingested and used to drive testing decisions and follow-up actions.