smtp-penetration-testing
Fail
Audited by Snyk on Mar 29, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill contains explicit, actionable instructions for user enumeration, brute-force credential attacks, open-relay exploitation and even an example labeled "phishing preparation," which are clear enablers of credential theft and abuse despite being framed as penetration testing guidance.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs contacting arbitrary external SMTP hosts and parsing their responses (e.g., Phase 3 "Banner Grabbing" using telnet/nc/nmap, Phase 4 "SMTP Command Enumeration", and Phase 5 "User Enumeration"), meaning untrusted third-party server output is read and used to drive further actions.
Issues (2)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).