agent-api-layer

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content deliberately constructs a comprehensive "agent" control plane that can perform any user/admin action and read arbitrary app state (including arbitrary local files via "path" uploads), effectively creating a backdoor and high-risk data-exfiltration channel.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required conventions (references/conventions.md -> "File Upload Handling") explicitly allow a file input of type "url" where the server downloads arbitrary HTTPS URLs and feeds their contents into shared business logic/APIs the agent calls, meaning untrusted third-party content can be ingested and influence agent-driven actions.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 8, 2026, 02:39 PM