injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes explicit, actionable exploitation instructions and payloads (webshell/cron/SSH key writes via Redis Gopher, reverse shells, OS/SQL/NoSQL/SSJI command execution, XXE/SSRF/Out‑of‑band exfiltration, scripts to steal creds/tokens and persist access), which demonstrate clear malicious/backdoor capabilities and high-risk data-exfiltration and system-compromise behaviors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow requires testing live targets and the included reference files (e.g., reference/nosql-injection-advanced.md) contain Python scripts and curl commands that send requests to arbitrary target URLs and parse response text/headers, so the agent would fetch and interpret untrusted public web content that can change subsequent actions.