pentest
Fail
Audited by Snyk on Feb 20, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill orchestrates aggregation and report generation that explicitly copies "referenced evidence" (cookies, API docs, recon outputs) into report/appendix and processed/ files, so the LLM would likely include raw artifacts such as cookies, API keys or tokens verbatim in its generated outputs unless additional redaction rules are imposed.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The content contains extensive, explicit, and actionable offensive instructions (reverse shells, command/SQL injection, credential exfiltration, automated account deletion, XSS/CSRF exploitation, hidden persistence/cron creation, out‑of‑band exfil endpoints, obfuscated payloads and API/tooling to automate attacks), i.e. clear high-risk backdoor/remote‑code‑execution and data‑exfiltration techniques that can be abused for malicious compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 2: Reconnaissance) and executor orchestration explicitly instructs running network/web reconnaissance tools against target URLs and ingesting their outputs (e.g., "Select reconnaissance tools... Run tools in parallel using pentest-executor agents" and numerous curl/target.com GraphQL examples), so it will fetch and interpret untrusted third‑party web content and use those findings to drive further tool deployment and actions.