shell-command

Fail

Audited by Snyk on Mar 2, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt contains agent-level directives (e.g., "Never stop after a tool output", "Context Hierarchy" that overrides general model training) that alter the model's turn-taking and instruction-priority behavior beyond the stated shell-execution purpose, which is a prompt-injection risk.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows insecure patterns like echo "password" | sudo -S command and heredoc/pipe techniques that instruct embedding secret/password strings directly into shell commands, which requires the LLM to handle/output secrets verbatim.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly teaches bypassing security (e.g., echo "password" | sudo -S, ssh -o StrictHostKeyChecking=no) and encourages forced non-interactive system changes (apt-get -y, rm -f), which push the agent toward privileged or state-modifying actions on the host.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 2, 2026, 06:45 PM