deepagent

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content contains high-risk insecure patterns—most notably an eval on user input plus tools for arbitrary code execution, filesystem access, and external requests—that could enable remote code execution and data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes example tools that fetch and read arbitrary web content—e.g., fetch_data(url) calling requests.get(url).json() and the research_agent examples with web_search and read_url—so the agent can ingest untrusted public web/URL content and must interpret it.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes sysadmin and file-manipulation tools (service_action, write_file, delete_file, run_python/execute) that enable changing system files and managing services—capabilities that can modify or compromise the host state even if it doesn't explicitly instruct obtaining sudo or bypassing security.