Quick Pentest Reference

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). Contains explicit, actionable commands for scanning, brute-forcing, credential dumping, privilege escalation, and post-exploitation that could be directly used to compromise systems and exfiltrate credentials if applied without authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill instructs runtime fetching and parsing of public certificate-search and reconnaissance sites (e.g., the curl command querying https://crt.sh and references to Censys) which are untrusted third-party sources whose results the workflow explicitly consumes and interprets.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly tells the agent to run privileged system commands (e.g., "sudo apt update", "sudo apt install ...", "sudo nmap ...", "sudo -l", and file-system enumeration like "find /" and reading "/etc/crontab"), which requires elevated privileges and modifies the host system state, so it pushes the agent to compromise the machine it's running on.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 02:18 AM