pentest

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill package contains extensive, intentionally actionable offensive techniques (data exfiltration to attacker-controlled domains, reverse shells and command injection payloads, SQL statements for inserting backdoors/admin users, persistence recipes like cron jobs, supply‑chain/typosquat guidance, and obfuscation/encoded payloads) that go beyond benign testing guidance and could be directly repurposed as backdoors or remote‑access malware if used outside an authorized testing context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs agents to fetch and ingest public, user-curated payloads and web content (e.g., using the "patt-fetcher" agent to pull https://raw.githubusercontent.com/... PATT payloads, running reconnaissance scripts and curl/requests against arbitrary target URLs and PortSwigger/third-party endpoints) and those external contents are used to choose executors, payloads, and follow-up actions, so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls an on-demand "patt-fetcher" agent at runtime to pull payload files from https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/, which would inject externally-fetched payload/instruction content that the orchestrator relies on to build tester payloads and therefore directly controls agent prompts/instructions.