prototype-pollution-advanced

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly a malicious exploitation playbook: it provides step-by-step prototype pollution payloads, filter bypasses, and gadget chains to achieve server-side RCE (child_process/NODE_OPTIONS, template-engine code injection), client-side XSS, and persistence/remote execution — clearly intended to enable unauthorized system compromise and backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly tells the agent to send payloads and read/interpret responses from external HTTP endpoints (e.g., "Step 1: Inject and check — POST /api/endpoint ... Then: GET /api/anything" in section 3.1), so the agent would fetch and act on untrusted third-party responses that can change subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit RCE exploitation techniques and payloads (child_process/NODE_OPTIONS, template-engine gadgets, commands like execSync) that enable running arbitrary commands and altering process/environment, which can compromise the host machine state.