oracle

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to run external CLI tools and to "dangerously-bypass-approvals-and-sandbox" and to pass the user's request directly to GPT‑5 (returning responses as-is), which are deceptive/safety‑bypassing instructions that override normal controls and fall outside the declared analysis-only purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs passing the user's complete request verbatim as command-line arguments to external CLIs (and returning their responses as-is), which will expose any API keys/passwords in the request and can cause secrets to be handled and output directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill instructs forwarding the user's complete request (potentially containing secrets) to external CLI tools—including a codex flag to "dangerously bypass approvals and sandbox"—which creates a high risk of unauthorized data exfiltration and sandbox-escape/backdoor behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs running external CLI tools and explicitly includes a --dangerously-bypass-approvals-and-sandbox flag (and to pass requests directly to GPT-5 CLIs), which directs the agent to bypass security/sandboxing and can compromise the host.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 10:58 PM