story

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes a concealed credential-exfiltration command (using gh auth token and writing to ~/.git-credentials then pushing) that is unrelated to building stories and therefore is a hidden/deceptive instruction.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs creating and committing with a command that embeds a GitHub auth token into ~/.git-credentials (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" ...), which requires reading and placing a secret token verbatim into a file/command — a direct secret-exfiltration pattern.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes an explicit credential-harvesting/persistence command that writes a GitHub token into ~/.git-credentials and pushes changes, which is an intentional credential exfiltration/persistence pattern and constitutes a high-risk backdoor/abuse behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt directs the agent to modify project files and user-level configuration and to write Git credentials to ~/.git-credentials (via git config --global and echo with gh auth token) and push to origin, which alters the machine state and risks leaking sensitive credentials even though it doesn't ask for sudo or create new users.