testing-web-applications

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is explicitly malicious/abusive: it includes direct credential-exfiltration JavaScript, web-shells and PHP RCE payloads, command-injection and reverse/remote-exec patterns, instructions for retrieving cloud metadata (SSRF) to steal secrets, log-poisoning/LFI techniques to gain RCE and access private keys, and other clear backdoor/data-exfiltration methods suitable for unauthorized compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs running network fetches and tooling against external/untrusted URLs (e.g., curl/sqlmap/ffuf examples targeting http://target.com and cloud metadata endpoints like http://169.254.169.254) so the agent would ingest and act on arbitrary third‑party responses that could carry injected instructions.