API Fuzzing for Bug Bounty

Result: Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is a high-risk offensive guide: it contains explicit instructions for data exfiltration (e.g., iplogger and SMB OOB exfiltration), credential theft and brute-force techniques, command/SQL/XXE/SSRF exploitation that enable remote code execution and unauthorized access, and evasion methods (rate‑limit bypass, IP rotation) — all indicative of deliberate malicious/abusive use.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's Core Workflow explicitly instructs fetching and parsing OpenAPI/Swagger files (e.g., /swagger.json, /openapi.json) and checking archive.org snapshots to extract paths and drive fuzzing, meaning the agent would ingest untrusted public third-party content (target-hosted docs and archive.org) that can materially influence subsequent tool actions.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 06:50 AM