tri-ai-collaboration

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt embeds explicit commands (e.g., --dangerously-bypass-approvals-and-sandbox, --yolo) that attempt to override approvals/sandboxing and bypass safety controls—deceptive instructions that change agent behavior outside the stated collaborative development purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs Gemini and Codex to perform web research and ingest public URLs (e.g., gemini --yolo ... analyzing https://github.com/socketio/socket.io and other web research commands) and Claude reads/uses those results, exposing the agent to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt repeatedly instructs use of flags like "--dangerously-bypass-approvals-and-sandbox", which explicitly directs bypassing security/sandbox protections (a clear attempt to compromise the agent's execution environment), so it should be flagged.