consolidate

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt contains explicit hidden/deceptive operational instructions outside pure consolidation (e.g., commands to spawn nested agents with "--dangerously-skip-permissions" and directives to create persistent workflow tasks that "persist across context compaction"), which attempt to bypass environment permissions and maintain stealthy state — behaviors outside the skill's stated document-consolidation purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly requires preserving code blocks, tables, and examples verbatim from source texts and emitting them into the consolidated output (and writing files), so if any source contains API keys/passwords or other secrets the LLM is instructed to reproduce them verbatim — there is no instruction to redact or retrieve secrets securely (e.g., via env vars), creating a high exfiltration risk.