CTF Misc Solver

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). This skill explicitly instructs the agent to search files/memory for "key|pass", extract credentials (FTP creds, environment variables, clipboard, etc.) and produce runnable scripts and results that include found flags/keys/passwords verbatim, which forces the LLM to output secret values it discovers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and analyzes arbitrary user-provided/untrusted files (e.g., PCAPs via modules/network.md with "tshark --export-objects http,./output", memory dumps via modules/memory.md using strings/Volatility, and uploaded images/audio) and therefore will read and interpret third-party content as part of its workflow.