event-prospecting
Fail
Audited by Snyk on Apr 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.80). The prompt includes explicit instructions to evade platform permission/approval prompts (e.g., always use full literal home paths, batch writes/searches into single Bash calls to minimize permission prompts), which are deceptive operational directives intended to bypass security/UX controls and are outside the stated event-prospecting purpose.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public third-party content (the user-supplied event URL, event pages via recon.mjs and extract_page.mjs which call bb fetch / bb browse, company homepages in ICP triage/deep research, and public search results/social profiles via bb search in Steps 5–8), and the agent reads and uses that untrusted content to score targets and drive follow-up actions, so it clearly exposes the agent to untrusted third-party content that could enable indirect prompt injection.
Issues (2)
- E004 CRITICAL: Prompt injection detected in skill instructions.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata