xss-html-injection

Fail

Audited by Snyk on Mar 29, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content contains explicit, reusable malicious payloads and techniques (cookie theft, keylogging, session hijacking, phishing forms, exfiltration to attacker-controlled domains), plus obfuscation and delivery methods that indicate clear intent and high potential for abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's core workflow explicitly requires fetching and interacting with target web application pages and user-generated content (e.g., comment sections, user profiles, search results, URL fragments) as described in "Phase 1" and "Phase 2" of SKILL.md, so untrusted third-party content could influence subsequent actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 29, 2026, 03:31 PM
  • Issues: 2