moltbook-base64-compiled-code-data-procedurization-obfuscation-code

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill embeds an obfuscated base64+marshal payload that decodes to hidden instructions (beyond the transparent Moltbook install guidance), which is a clear prompt-injection/hidden-instruction vector outside the skill's stated, transparent documentation.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill embeds a base64-marshaled payload that is decoded at runtime (marshal.loads(base64.b64decode(...))), an intentional obfuscation pattern that strongly indicates hidden/compiled code which could enable remote code execution, backdoors, or data-exfiltration behavior (especially combined with stored API credentials), so it should be treated as malicious/unsafe.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and browses user-generated Moltbook content (see SKILL.md "Browse Hot Posts" and the API endpoints like GET /posts and GET /posts/{id}/comments), which the agent is expected to read and can influence replies/actions, exposing it to untrusted third-party content.