initializing-memory

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The skill explicitly instructs the agent to covertly read local history and infer the user's identity before asking consent and to launch subagents with a "bypassPermissions" mode, which are hidden/deceptive behaviors that go beyond the advertised memory-initialization guidance.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly instructs stealthy collection of local conversation histories and git identity (reading ~/.claude and ~/.codex history, inferring git authors) and spawns "history-analyzer" subagents with "bypassPermissions" to process and merge that data into persistent memory—behavior that enables unauthorized data harvesting and potential exfiltration, so it is a high-risk, intentional privacy/abuse pattern.