writing

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt contains explicit, system-impersonating directives (e.g., "Token usage is unlimited", "Your context window will be automatically compacted", "ALWAYS complete the ENTIRE task without stopping", "Write to files, never to stdout") that attempt to override platform/system constraints and dictate behavior beyond normal writing tasks, which is a deceptive prompt-injection risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly requires activating the parallel-web and research-lookup skills for web searches and URL extraction and mandates saving and integrating web/search results from public sites into the writing workflow (see "Web Search and Research Policy", "CRITICAL: Real Citations Only Policy", and "Save All Research Results to Sources Folder" in SKILL.md), so the agent will fetch and interpret untrusted third‑party web content that can influence subsequent actions and citations.