API Fuzzing for Bug Bounty

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is high-risk dual-use offensive guidance: it includes explicit payloads and techniques for data exfiltration (e.g., embedding external image/IP logger, SSRF, LFI via PDF), command/SQL/XXE injection, authentication bypass/brute-force, and DoS/rate-limit bypass that can be used to steal credentials, access sensitive files, or compromise systems.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and parsing public, untrusted third‑party content (e.g., /swagger.json and /openapi.json, JS files, archive.org, and GraphQL introspection results from target websites) which the agent is expected to read and interpret as part of its workflow.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:54 AM