csp-bypass-advanced

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill is a high-risk offensive playbook that intentionally instructs attackers on CSP bypasses (nonce/hash abuse, base-uri/frame-ancestors omissions, CDN abuse, strict-dynamic tricks) and alternative exfiltration channels (DNS, WebRTC, form/ping/prefetch, report-uri), enabling XSS/remote script execution, credential/data theft, and supply-chain/remote-code abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to discover and load content from public third-party origins (e.g., searching for JSONP endpoints on googleapis.com, and loading attacker-controlled packages from jsdelivr/unpkg/cdnjs/cloudfront) and to read external pages' CSP headers/meta tags, which requires fetching and interpreting untrusted web content that can influence subsequent actions.
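
The defensive counterpart to both findings above is a policy check: the E006 bullet lists the CSP gaps the skill targets (missing nonce/hash, base-uri and frame-ancestors omitted, 'strict-dynamic' trust propagation) and the W011 bullet names the allowlisted origins that serve attacker-selectable scripts (JSONP on googleapis.com, packages on jsdelivr/unpkg/cdnjs/cloudfront). The linter below is an added example, not code from the Snyk audit or from the audited skill. It parses a Content-Security-Policy header, applies the fallback rules (script-src inherits default-src; base-uri and frame-ancestors do not), and reports the weaknesses the findings describe. It also flags open schemes (`*`, `https:`, `data:`, `blob:`) in script-src, which the page does not mention. The host list `USER_CONTENT_HOSTS` and the two sample policies are constructed for illustration.

```javascript
// Added example (not part of the Snyk audit or the audited skill): a small
// CSP linter for the weaknesses the findings above describe. The host list
// and sample policies are constructed assumptions, not data from the page.

// Origins the W011 finding names as sources of attacker-selectable scripts
// (JSONP endpoints, public package CDNs). Assumed list for illustration.
const USER_CONTENT_HOSTS = [
  "cdn.jsdelivr.net",
  "unpkg.com",
  "cdnjs.cloudflare.com",
  "*.cloudfront.net",
  "*.googleapis.com",
];

// Parse a CSP header into a Map of directive name -> source list.
// Per the CSP spec the first occurrence of a directive wins; repeats are ignored.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Reduce a host-source expression ("https://cdn.jsdelivr.net/npm/") to its host.
function hostOf(source) {
  return source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split("/")[0].toLowerCase();
}

// Match a host against a pattern that may carry a leading "*." wildcard.
function hostMatches(host, pattern) {
  if (pattern.startsWith("*.")) {
    return host.endsWith(pattern.slice(1)) && host !== pattern.slice(2);
  }
  return host === pattern;
}

// Return findings as { code, severity, detail } objects.
function lint(header) {
  const d = parseCsp(header);
  const findings = [];
  const add = (code, severity, detail) => findings.push({ code, severity, detail });

  // script-src falls back to default-src when absent.
  const scriptSrc = d.get("script-src") || d.get("default-src");
  if (!scriptSrc) {
    add("no-script-src", "high", "neither script-src nor default-src: any script runs");
  } else {
    const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) {
      add("unsafe-inline", "high", "inline script allowed: injected <script> executes directly");
    }
    if (scriptSrc.includes("'strict-dynamic'")) {
      add("strict-dynamic", "info", "host allowlist ignored; scripts loaded by a nonced/hashed script are trusted too");
    }
    for (const s of scriptSrc) {
      if (s.startsWith("'")) continue; // keyword, nonce or hash source
      if (s === "*" || /^(https?|data|blob):$/.test(s)) {
        add("open-scheme", "high", `${s} allows scripts from any origin`);
        continue;
      }
      const host = hostOf(s);
      if (USER_CONTENT_HOSTS.some((p) => hostMatches(host, p))) {
        add("user-content-host", "high", `${host} serves attacker-selectable scripts (JSONP/packages)`);
      }
    }
  }
  // base-uri and frame-ancestors do NOT fall back to default-src.
  if (!d.has("base-uri")) {
    add("missing-base-uri", "medium", "injected <base href> re-targets relative script URLs");
  }
  if (!d.has("frame-ancestors")) {
    add("missing-frame-ancestors", "medium", "page can be framed by any origin");
  }
  // Not covered here: exfiltration channels CSP does not govern (DNS prefetch, WebRTC).
  return findings;
}

// Sorted finding codes, convenient for comparing two policies.
function findingCodes(header) {
  return lint(header).map((f) => f.code).sort();
}

// Constructed sample policies: a weak one and a hardened equivalent.
const WEAK_POLICY =
  "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://ajax.googleapis.com; default-src 'self'";
const HARDENED_POLICY =
  "default-src 'none'; script-src 'nonce-cXdlcnR5' 'strict-dynamic'; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'";

for (const f of lint(WEAK_POLICY)) console.log(`${f.severity} ${f.code}: ${f.detail}`);
```

Running it prints one high finding for 'unsafe-inline', one for each CDN/JSONP host in the weak policy, and medium findings for the missing base-uri and frame-ancestors directives; the hardened policy yields only the informational 'strict-dynamic' note, which is the reminder that nonce-based policies rely on every nonced script being careful about what it loads next.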

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 9, 2026, 01:12 PM
Issues
2