waf-bypass-techniques

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive WAF-evasion playbook (encoding, chunked/HTTP/2 tricks, request smuggling, header/IP spoofing, origin access, multipart/JSON manipulation, keyword obfuscation, etc.) intended to bypass defenses and enable SQLi/XSS/RCE exploitation, data-exfiltration and remote access—clearly designed for malicious abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and inspecting untrusted third-party web content — e.g., "wafw00f target.com", "nmap --script=http-waf-detect", inspecting block page content/response headers, and using Shodan/historical DNS to find origin IP — and the results of those external queries are used to choose bypass techniques, so third‑party content can materially influence actions.