email-header-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicitly malicious attack playbook: it gives step-by-step techniques for email header CRLF injection (BCC/CC/body/reply‑to/content-type stacking) to silently exfiltrate messages, methods to craft phishing emails (display-name spoofing, HTML rendering, form action hijacking, remote image tracking and CSS-based exfil), and guidance to circumvent SPF/DKIM/DMARC — demonstrating clear, intentional instruction for abusive behavior and credential/theft amplification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs querying and interpreting public third-party records (e.g., "dig TXT target.com" and "dig TXT _dmarc.target.com" in the Testing Methodology and SPF/DKIM/DMARC sections), which the agent would fetch and use to decide attack actions, exposing it to untrusted external content that can influence tool use.