LDAP Injection Testing

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable LDAP injection payloads, exploitation workflows and an automated blind-extraction script that enable authentication bypass, credential theft and data exfiltration — high risk if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to send requests to and parse responses from arbitrary target web applications (e.g., the Python example using requests.get(url, params={"query": payload}) against "https://target.com/search" and other steps that inspect application responses/error messages), which are untrusted third-party contents provided at runtime.