file-op
Fail
Audited by Snyk on Mar 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill explicitly delegates "all repo file I/O" and command execution to an external Codex/OpenCode endpoint, requires the agent to read local role config itself (bypassing higher-level controls), and instructs running arbitrary mutating commands and returning command outputs — together these behaviors enable straightforward data exfiltration, remote code execution, and supply‑chain/backdoor insertion.