reconnaissance

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This is an explicit offensive reconnaissance playbook: it contains step‑by‑step instructions for aggressive discovery and vhost brute‑forcing (e.g., Host header brute force against raw IP, certificate SAN abuse, zone transfers, automated subdomain/port scanning) and directs hunting for unauthenticated management APIs (e.g., /api/backup, /api/install) — techniques that strongly facilitate unauthorized access and exploitation even though no explicit backdoor/exfiltration code is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and interpreting live public web content (certificate-transparency/passive DNS, curling HTTP response headers on raw IP, vhost brute-force with ffuf/gobuster, ZAP/Playwright crawling and reading Swagger/OpenAPI docs), which are untrusted third-party sources whose content is used to drive follow-up scanning actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the agent to add discovered hostnames to /etc/hosts ("Add discovered hostnames to /etc/hosts immediately"), which requires modifying a system file (sudo) and thus compromises the machine's state.