enumerating-network-services

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill contains many examples that embed plaintext credentials directly into commands (e.g., -u username -p password, mount -o username=...,password=..., /p:password, -w password), which encourages the model to output secret values verbatim and is an insecure pattern.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, actionable instructions for exploiting services (RCE via xp_cmdshell, SQL/Redis file writes to install webshells or SSH keys, credential dumping and brute-forcing, service exploitation and data exfiltration), which are clear backdoor/persistence and unauthorized compromise patterns that can be used maliciously.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly instructs fetching and interpreting content from arbitrary/untrusted network hosts and public URLs (e.g., wget ftp://anonymous@10.10.10.10/, smbclient //10.10.10.10/share, gobuster/ffuf against http://10.10.10.10 or FUZZ.example.com, dig axfr @10.10.10.10), and those external responses are used to drive follow-up actions and exploitation decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit sudo commands and filesystem-modifying operations (e.g., sudo nmap, mount commands, writing to /root/.ssh via Redis) that could require or encourage privileged changes on the agent's host or perform destructive modifications if services are local.