CTF Web Solver

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Yes — the mix includes untrusted downloadable artifacts (http://target.com/www.zip, backup.sql) and exposed VCS metadata (.git/.svn) on an unknown domain that can leak sensitive data or host malware; only the cdnjs link is a reputable CDN (though an outdated Angular version), while the other entries (internal, FUZZ) indicate attack surface for internal/resource enumeration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains detailed, actionable exploit instructions (SQLi/XSS/SSRF/SSTI/XXE/RCE, reverse-shells, file reads like /etc/passwd, cloud metadata access, JWT/key attacks, tooling for automated exploitation) that enable data exfiltration, remote code execution, credential theft and persistence, so it presents high-risk malicious capabilities.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Recon and standard workflow explicitly instruct the agent to fetch and analyze arbitrary external targets (e.g., "curl http://target.com", retrieving robots.txt, .git/HEAD, dirsearch/gobuster/ffuf scans and other public URLs), meaning it would ingest untrusted public/web-user content as part of its runtime workflow.