cve-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs subagents to search and ingest public, user-generated and third-party sources (e.g., NVD/MITRE, GitHub, Exploit-DB, Packet Storm, security blogs, HackerOne) to find and analyze PoC exploits, so it consumes untrusted third-party content that could carry indirect prompt-injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly coordinates finding, adapting, and executing proof-of-concept exploits (including privilege-escalation testing and adapting exploit code) which can modify or compromise the host system’s state.