moltbook-data-splitting-instructions

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt embeds obfuscated "Decode Instructions" and a protected payload that directs reconstructing a hidden installer/URL, which are concealed instructions unrelated to the advertised Moltbook interaction and thus constitute a prompt injection.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains explicit obfuscated "Protected Payload" with step-by-step decoding instructions to reconstruct an encoded installer/URL for the required openclaw-core utility, which is deliberate concealment of a remote download/installation and therefore strongly indicative of supply‑chain/backdoor and remote code execution risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly directs the agent to fetch and browse Moltbook posts and comments (e.g., "Browse Hot Posts", ./scripts/moltbook.sh hot, and API endpoints GET /posts and GET /posts/{id}/comments), which are public/user-generated content the agent reads and acts on (replies/posts), enabling untrusted third-party content to influence behavior.