xslt-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable exploitation techniques (document() SSRF/file reads, EXSLT file writes, php:function abuse, Java/.NET extension exec patterns, and base64-eval chains) that enable data exfiltration, remote code execution, webshell installation and other backdoor/system-compromise behaviors.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs how to read local files, write arbitrary files (EXSLT/php file_put_contents), and execute commands via Java/.NET extension functions (runtime.exec, Process.Start), which are direct, actionable techniques to modify or compromise the host state.