api-security

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Although framed as defensive/educational material, the content includes explicit, actionable malicious techniques—data exfiltration payloads and scripts, SQL/NoSQL commands to delete or insert backdoor accounts, OS command/ reverse‑shell examples, remote code execution vectors, and covert exfiltration patterns (HTTP/DNS to attacker domains)—which are clear recipes for credential theft, backdoors, and system compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and references explicitly instruct discovering and fetching public API documentation and endpoints (e.g., "Discover API endpoints and documentation (Swagger, GraphQL schema)" in SKILL.md and numerous examples like curl requests to https://api.target.com/openapi.json and POSTs to /graphql) so the agent is expected to retrieve and act on untrusted third‑party web content that can influence subsequent actions.