insecure-source-code-management

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk dual-use reconnaissance content: it explicitly instructs how to locate and recover VCS metadata, backups, and .env files and references automated tools to reconstruct repositories and extract secrets — enabling data exfiltration and credential theft if used outside authorized testing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs probing and fetching files from target web hosts (e.g., /.git/HEAD, /.git/config, /.svn/entries, /.env, backup archives) and then to read/interpret those untrusted, user-controlled files and run recovery tools (git-dumper, svn-extractor), so third-party content can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs operators/agents to fetch and run external recovery tools hosted in git repositories (e.g., arthaud/git-dumper, internetwache/GitTools, WangYihang/GitHacker, anantshri/svn-extractor, sahildhar/mercurial_source_code_dumper, gehaxelt/ds-store, lijiejie/ds_store_exp), which would be fetched at runtime and execute remote code, so these are runtime external dependencies executing remote code.