transferring-files

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes numerous examples that embed plaintext credentials directly in commands (e.g., curl -u user:password, mount -o username=...,password=..., FTP scripts, net use with password), which would require the LLM to handle or output secret values verbatim and is thus high risk.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — the majority of links point to an untrusted IP (10.10.10.10) serving direct executables and scripts (.exe, .ps1, .dll, .hta, .sct, .sh) and upload/exec endpoints, which are classic indicators of a suspicious/malicious distribution source despite a few benign documentation links.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit adversary playbook for file transfer and data exfiltration—providing step‑by‑step techniques for uploading/downloading sensitive files, bypassing egress/AV, in‑memory execution, LOLBAS/GTFOBins abuse, covert channels (DNS/ICMP), and persistence—clearly enabling malicious activity.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit instructions to run privileged commands (multiple sudo usages), start services, enable/modify database features, write and execute scripts, and perform persistence/staging — all actions that modify system state and facilitate compromise.