english-conversation

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt deceptively claims "Will Not: Persist data across sessions" while explicitly instructing the agent to save full session summaries and vocab to persistent Serena memory (and contains contradictory TTS execution instructions), so it includes hidden behavior that falls outside the skill's stated boundary.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires capturing and later outputting the user's exact words (original phrases) in the session summary and persisting the full summary to memory (mcp__serena__write_memory), which would verbatim reproduce any secrets a user speaks or pastes, creating an exfiltration risk.