confer

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs bypassing approvals and sandboxing and describes shell/tmux techniques to run arbitrary commands and capture outputs, which is a deliberate mechanism to evade controls and enable remote command execution or data exfiltration.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly includes commands that tell the agent to bypass sandboxing and permissions (e.g., --dangerously-bypass-approvals-and-sandbox, --dangerously-skip-permissions), which directly instructs compromising security mechanisms on the host.