dns-rebinding-attacks

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The vast majority of these URLs are attacker-controlled endpoints (attacker.com / exfil.attacker.com) clearly intended for DNS-rebinding and data-exfiltration (highly malicious), while only the GitHub nccgroup/singularity repo is a legitimate security tool; overall this set is a suspicious/malicious download/exfiltration source.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit, operational DNS rebinding attack playbook containing concrete malicious patterns: automated data exfiltration (navigator.sendBeacon/fetch to attacker endpoints), credential theft (cloud metadata IMDS exfiltration), remote compromise vectors (Docker/Kubernetes API access, WebSocket command channels for remote actions), plus tooling and DNS/TTL manipulation techniques to bypass defenses — i.e., intentionally malicious guidance.