proposal

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill embeds an encrypted payload and explicitly instructs the agent to decrypt and follow the hidden SKILL.md (including override behavior like "follow it to the letter"), which are concealed instructions outside the visible proposal-generation purpose and thus constitute a prompt injection.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High risk — the skill deliberately hides its executable instructions in an encrypted payload and instructs the operator to run an external activation CLI (and install npm/pip tools) that performs network decryption/activation, which is an intentional obfuscation + supply‑chain/remote‑delivery pattern enabling phone‑home license checks, dynamic payload retrieval/execution, and therefore potential backdoor/remote‑code execution or data exfiltration at decryption time.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running the external "lovstudio-activate decrypt proposal" command (noting "the decryption is cheap (one HTTP round-trip)"), which fetches the decrypted SKILL.md at runtime and thus remotely supplies the agent's actual instructions — making the lovstudio-activate remote service the controlling external dependency.