unauthorized-access-common-services

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive playbook with step‑by‑step instructions to achieve RCE, install persistent backdoors (SSH keys, cron reverse shells, webshells), exfiltrate data (rsync), and steal or abuse credentials — clearly intended for malicious exploitation of exposed services.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because the SKILL.md workflow explicitly instructs the agent/operator to fetch and interpret untrusted content from target services (e.g., H2 Console JNDI via LDAP responses, AJP reads of /WEB-INF/web.xml or uploaded files, curl/rsync downloads from TARGET) and those external responses directly determine and enable subsequent exploitation actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill provides explicit, step‑by‑step instructions to modify privileged system files (e.g., write /root/.ssh/authorized_keys, crontabs, webshells) and create persistent backdoors on hosts via services like Redis and rsync, which would modify the state of any machine the agent runs these commands against.