work

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains deliberate guard-bypass and automation patterns that enable destructive actions (rm -rf, git push), background agents with wide shell permissions, and delegated CLI execution (codex exec) that can exfiltrate or push project data — these are explicit, intentional mechanisms that can be abused for backdoor or supply-chain compromise.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly enables bypassing internal guards (e.g. "bypass_guards": ["rm_rf", "git_push"]) and contains automation that writes/removes repository and state files and performs auto-commit/push actions, which encourages destructive or security-bypassing modifications to the host environment even though it doesn't request sudo or system-level config changes.