x-agents-cross-review

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt includes an explicit instruction ("mode: 'bypassPermissions'") that directs agents to override permission/security controls, which is a deceptive/out-of-scope behavior for a review skill and constitutes a prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly configures agents to run in "mode: 'bypassPermissions'" with full tool access and high-privilege actions (git/gh/curl), which directs the agent to bypass security controls and could enable changing the host state.