command-creator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill explicitly exposes shell-output injection (backticks), arbitrary file-content inclusion (@), and command override capabilities which can be intentionally abused to read sensitive files, steal credentials, send data to remote endpoints, execute arbitrary commands, or create stealthy overrides/backdoors—high-risk functionality if misused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's OpenCode workflow explicitly supports shell output injection and shows commands like !npm outdated --jsonand!`npm audit --audit-level=high --json`` (assets/command-templates.md and SKILL.md), which ingest data from public package registries and other external tools (untrusted, user-published sources) that the agent is expected to read and act on, enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly enables OpenCode commands with backtick shell output injection and file references and writes command files into user/global config paths, which allows arbitrary shell execution and modification of the host state even if it doesn't explicitly request sudo or instruct creating users.