vuln-analysis-expert

Warn

Audited by Socket on Mar 18, 2026

2 alerts found:

Anomaly: LOW
categories/xxe.md

The submitted document is a collection of vulnerability reports (predominantly XXE) and PoCs — not malicious code. It documents widespread harmful behavior possible when XML parsers allow external entities: arbitrary file reads, OOB network exfiltration (http/gopher/data), blind probing, and potential data corruption. These are high-impact security issues for affected servers. The content is a security advisory collection rather than an intentionally malicious package. Use the findings to verify and harden XML parsers, disable external entity resolution, patch libraries, and validate/limit uploaded document parsing.

Confidence: 85%
Severity: 67%

Security: MEDIUM
SKILL.md

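The skill's actual capabilities are consistent with its declared purpose, but that purpose is itself to give AI agents offensive security testing and exploitation capabilities. No obvious credential theft, covert exfiltration, or disguised installation chain was observed, so it is not classified as confirmed malicious; however, as a directly invocable vulnerability-exploitation and penetration-testing skill with Bash and network access, it should overall be classed as a high-risk, suspicious security skill that can be misused.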

Confidence: 91%
Severity: 86%

Audit Metadata
Analyzed At: Mar 18, 2026, 01:49 AM
Package URL: pkg:socket/skills-sh/tanweai%2Fwooyun-legacy%2Fvuln-analysis-expert%2F@3b666babc512a19539e0f68054b28870180044e4