ai-interaction

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to ignore system warnings (e.g., "looping", "too many calls") and to not process summarized context from the system, which attempts to override system/safety instructions and is outside the skill's stated purpose of maintaining a communication channel.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill mandates aggressive, autonomous "action-first" use of Read/Edit tools (execute edits, retry until success, never ask permission) which can cause unauthorized modifications to files and the workspace — it doesn't explicitly request sudo, create users, or modify system-level configs, but it encourages behavior that could modify machine state without safeguards.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 10:15 PM