scenario

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill allows arbitrary shell commands (acceptance_vectors.check) stored in a hidden out-of-repo directory (.agents/holdout/) and executed during validation by evaluator agents, and that hidden, writable scenario store plus enforced “implementing agents must not see” hook creates an effective covert channel/backdoor that can be abused for remote code execution, data exfiltration, or concealed malicious tests if scenario authorship or the evaluator/validation runner is compromised.