clickjacking

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill is an explicit attack playbook: it provides step‑by‑step clickjacking PoCs (transparent iframes, multi‑step positioning), bypass techniques (sandbox/frame‑busting, double‑framing), and explicit data‑exfiltration/credential‑theft vectors (HTML5 drag‑and‑drop to transfer tokens, targeting OAuth/API keys/admin actions), indicating deliberate malicious intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs loading and inspecting arbitrary target pages (e.g., iframe PoC examples like , "Check X-Frame-Options Header", and examining frame-busting scripts), which requires fetching and interpreting untrusted third-party web content that can materially influence the agent's next actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 04:28 AM
Issues: 2