subdomain-takeover

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These URLs are potentially high-risk because they are generic subdomain endpoints (not explicit vendor download pages or file links) that could be abused via subdomain takeover or misconfiguration to serve attacker-controlled content or malware, and there are no indicators they're trusted official download hosts.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content is an explicit exploitation playbook that teaches how to detect, claim, and abuse dangling DNS/CNAME/NS/MX records (including step‑by‑step procedures for S3, GitHub Pages, Heroku, NS/MX takeovers) to impersonate domains, intercept email, steal cookies/OAuth tokens and issue certificates—demonstrating clear malicious intent and high-risk abuse patterns.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and inspect open third‑party resources (e.g., "Collect subdomains (amass, subfinder, assetfinder, crt.sh, SecurityTrails)" and "curl -s http://sub.target.com → 'NoSuchBucket'") and to act based on those external HTTP/DNS responses, so untrusted public content can directly influence decisions and follow‑up actions.
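The W011 finding above describes the check the skill has the agent perform: resolve a subdomain, see whether its CNAME target still exists, and compare the HTTP response against service fingerprints such as S3's NoSuchBucket. The Python below is an added example of that same check written as a defensive audit over hosts you administer; it is not code from the audited skill or from Snyk's report. The fingerprint table, the resolver and fetch callbacks, and every DNS/HTTP result are constructed sample data, and matching a CNAME target to a provider by hostname suffix is an illustrative assumption rather than a reliable provider identification.

```python
"""Dangling-CNAME audit over a list of hosts you administer.

Added example (not code from the audited skill or the Snyk report). DNS and
HTTP lookups are injected as callbacks so the sample below runs offline on
constructed data; in real use pass functions backed by dnspython / requests.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Provider suffix -> response-body substring that means the resource behind the
# CNAME is unclaimed. Illustrative set (assumption); extend from your own testing.
FINGERPRINTS = {
    "s3.amazonaws.com": "NoSuchBucket",
    "github.io": "There isn't a GitHub Pages site here",
    "herokuapp.com": "No such app",
}


@dataclass
class Finding:
    host: str
    cname: str
    reason: str
    severity: str  # "high" = claimable on a known provider, "medium" = stale alias


def provider_for(cname: str) -> Optional[str]:
    """Match a CNAME target to a known provider by hostname suffix (assumption)."""
    for suffix in FINGERPRINTS:
        if cname == suffix or cname.endswith("." + suffix):
            return suffix
    return None


def audit_host(host: str,
               resolve_cname: Callable[[str], Optional[str]],
               resolve_a: Callable[[str], Optional[str]],
               fetch_body: Callable[[str], Optional[str]]) -> Optional[Finding]:
    cname = resolve_cname(host)
    if cname is None:
        return None  # A/AAAA-only host: not a CNAME takeover candidate
    provider = provider_for(cname)

    # Case 1: the alias target no longer resolves at all (NXDOMAIN).
    if resolve_a(cname) is None:
        sev = "high" if provider else "medium"
        return Finding(host, cname, "CNAME target does not resolve", sev)

    # Case 2: the target resolves (many platforms answer for every name under
    # their domain) but the service reports the resource as unclaimed. This is
    # the S3 'NoSuchBucket' situation; an NXDOMAIN-only check would miss it.
    if provider:
        body = fetch_body(host) or ""
        marker = FINGERPRINTS[provider]
        if marker in body:
            return Finding(host, cname,
                           f"unclaimed {provider} resource ({marker!r} in response)",
                           "high")
    return None


def audit_zone(hosts, resolve_cname, resolve_a, fetch_body) -> List[Finding]:
    results = (audit_host(h, resolve_cname, resolve_a, fetch_body) for h in hosts)
    return [f for f in results if f is not None]


# ---- Constructed sample data (not real lookups; RFC 5737 addresses) ----
SAMPLE_CNAME = {
    "assets.example.com": "assets-example.s3.amazonaws.com",    # bucket deleted
    "docs.example.com": "example-docs.github.io",               # live site
    "legacy.example.com": "legacy.defunct-vendor.example.net",  # vendor gone
    # www.example.com has only an A record
}
SAMPLE_A = {
    "assets-example.s3.amazonaws.com": "192.0.2.1",  # S3 wildcard still answers
    "example-docs.github.io": "192.0.2.2",
    "www.example.com": "203.0.113.10",
}
SAMPLE_HTTP = {
    "assets.example.com": "<Error><Code>NoSuchBucket</Code></Error>",
    "docs.example.com": "<html>Welcome to the docs</html>",
}


def run_sample() -> List[Finding]:
    hosts = ["assets.example.com", "docs.example.com",
             "legacy.example.com", "www.example.com"]
    return audit_zone(hosts, SAMPLE_CNAME.get, SAMPLE_A.get, SAMPLE_HTTP.get)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.severity.upper():6} {f.host} -> {f.cname}: {f.reason}")
```

The two sample findings illustrate why one check is not enough: the S3 alias still resolves (the provider answers for any bucket name), so only the response-body fingerprint reveals it is claimable, while the unknown-vendor alias returns NXDOMAIN and is flagged at medium because the stale record should be removed whether or not someone can register the target. Run this only against zones you own or are authorized to test.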

Issues (3)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 01:13 PM
Issues: 3