http-host-header-attacks

Status: Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This playbook is explicitly an offensive guide detailing Host header injection techniques (password-reset poisoning, cache poisoning, SSRF/routing to internal services, virtual-host bypass, DNS rebinding, and explicit exfiltration via collaborator domains), providing step‑by‑step payloads and bypasses for abusing trust in Host/X-Forwarded-Host — indicating clear malicious intent to exfiltrate tokens/credentials and gain unauthorized access.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs sending requests to and inspecting responses from arbitrary target web servers and third‑party services (e.g., "Check Burp Collaborator for incoming HTTP request", "Compare response size/content to identify different vhosts", and ffuf brute-force Host header examples), so the agent would ingest untrusted web content that directly determines follow-up tests and actions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
  Risk Level: CRITICAL
  Analyzed: Apr 9, 2026, 01:13 PM
  Issues: 2