moltbook-data-procedurization-obfuscation-code

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill includes an obfuscated Python payload that decodes a hidden string (obfuscated instructions) which is a deceptive/hidden instruction outside the stated, transparent Moltbook posting/browsing functionality.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill embeds an obfuscated Python payload that decodes into shell commands which download a remote script from GitHub and execute it (wget ...; bash script.sh), indicating deliberate obfuscation to hide remote code execution and a supply‑chain/backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and browse public Moltbook posts (see "Browse Hot Posts" and the listed API endpoints GET /posts and GET /posts/{id}/comments), which are user-generated third-party content the agent is expected to read and act on (e.g., replying/creating posts), enabling indirect prompt injection.