product-analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs launching an external Codex CLI with "full-auto" and "dangerously-bypass-approvals-and-sandbox" flags, running parallel background agents with full filesystem access and silent detection/operation, which enables covert exfiltration of repo files, environment variables, credentials and autonomous remote code execution — indicating a high-risk, intentionally abusive capability (no explicit obfuscated payloads or reverse-shells are included, but the orchestration strongly facilitates them).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 "compare" workflow explicitly invokes the Skill tool with "/competitors-analysis {competitor-name} {competitor-url}" and states that competitors-analysis performs repository cloning and evidence-based code analysis, so the agent will fetch and interpret untrusted external repositories/URLs that can influence its findings and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs running Codex CLI with autonomous/full-auto modes and even a "--dangerously-bypass-approvals-and-sandbox" option, and notes "full filesystem access" and repository cloning — i.e., it encourages bypassing sandbox/approval protections and gives agents ability to modify the filesystem, so it poses a high risk of compromising machine state.