HTML Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content provides explicit, step-by-step attack techniques (phishing forms, form action overrides, CSS/iframe/image exfiltration of cookies and credentials, and payloads/automation) that facilitate credential theft and unauthorized data exfiltration and is therefore highly malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch and inspect live responses from public websites (e.g., curl and Python requests to "http://target.com", Burp Suite/OWASP ZAP spidering) and to analyze untrusted user-generated surfaces like search results, comment sections, and user profiles, which exposes it to arbitrary third-party content that could contain indirect prompt injection.