web-cache-deception

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content is an explicit attack playbook describing deliberate malicious techniques—cache deception to exfiltrate authenticated user data and cache poisoning to serve attacker-controlled JavaScript/contents (including instructions for delivering payloads via phishing and header manipulation)—and thus enables intentional data theft and widespread malicious content distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs sending requests and reading responses from target web endpoints (e.g., "Step 3: Verify Caching" with curl examples against https://target.com and the "TESTING CHECKLIST" steps that append .css/.js/.png to authenticated API endpoints), meaning the agent would fetch and interpret untrusted public web content which can materially influence subsequent testing actions.