redteam

Fail

Audited by Snyk on Feb 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content contains explicit, actionable offensive techniques (SQL injection PoC, JWT tampering, SSRF to metadata endpoints), credential-theft and exfiltration methods, and guidance on C2/persistence that can be used to deliberately compromise systems and steal data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's reconnaissance workflow and included script (scripts/recon.sh) explicitly instruct collecting OSINT from public, untrusted sources — e.g., search engine results, crt.sh/certificate transparency logs, social media, GitHub and arbitrary target URLs/domains — and the agent is expected to read and act on those findings to plan follow-up actions, creating a clear avenue for indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill explicitly guides offensive actions like "privilege escalation" and "persistence (backdoors, scheduled tasks)" which can encourage modifying a machine's state (e.g., adding persistence or escalated access), even though it doesn't explicitly instruct obtaining sudo, editing system service/SSH files, or creating user accounts on the host.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 28, 2026, 10:29 AM