agile-scrum

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The "Companion check" directs the agent to run shell commands (ls) and install packages (npx), which requests system-level access and discovery/install behavior unrelated to the Agile/Scrum purpose and therefore constitutes a hidden/deceptive instruction outside the skill's stated scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the SKILL.md "Companion check" (On first activation) instructs the agent to run system checks and offer to install missing recommended skills using commands like "npx skills add AbsolutelySkilled/AbsolutelySkilled --skill ", which would fetch and load third‑party packages from public registries and thus introduce untrusted external content that can change agent behavior.