skill-compass

Fail

Audited by Snyk on Apr 14, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). Multiple included SKILL.md fixtures contain deliberate remote-code-execution and data-exfiltration payloads: curl | sh installs, a base64-decoded eval that posts SSH keys, and explicit prompt injection asking the agent to run commands. The local gate logic also intentionally strips/ignores fenced code blocks, which creates an evasion channel for hiding payloads. Together this is an active backdoor/exfiltration pattern that makes the package high-risk if those skill files are ever executed or written into an agent runtime.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts an upstream "" in commands/eval-merge.md (Step 1) and can auto-install/run the third‑party ralph-wiggum plugin in commands/eval-evolve.md (offers/executes claude plugin install ralph-wiggum@...). It can therefore fetch and ingest untrusted remote content or code that may provide instructions influencing subsequent actions.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 14, 2026, 08:10 AM
Issues: 2