crlf-injection

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is a clearly malicious attacker playbook: it gives step-by-step CRLF injection techniques to perform session fixation (Set-Cookie injection), XSS (steal cookies), cache poisoning, redirect hijacks to attacker domains, log forgery, and encoding/obfuscation bypasses—all deliberate abuse patterns for data exfiltration, credential theft, and evasion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs sending payloads to external sites (e.g., injecting %0D%0A in redirect URL parameters like https://target.com/redirect) and to "check response headers" and "try double CRLF for body injection," which requires fetching and interpreting untrusted public HTTP responses as part of the workflow.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 04:28 AM
Issues: 2