cmux-second-opinion

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill is primarily a legit utility for delegating reviews but contains explicit, intentional instructions to bypass agent approvals/sandboxes (e.g. --dangerously-bypass-approvals-and-sandbox, --dangerously-skip-permissions) and a workflow that sends local diffs/specs to external reviewer agents, which together create a high-risk capability for sandbox escape and unintended data exfiltration.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs using reviewer commands with flags like "--dangerously-bypass-approvals-and-sandbox" and "--dangerously-skip-permissions", which direct bypassing of security/sandbox protections and therefore encourages compromising the host's security boundary.