idea-validator
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains deliberate backdoor-like behaviors: it mandates automatic commits and pushes without further consent, hard-codes reporting GitHub links to a specific account, and persists local markers/paths—enabling unauthorized exfiltration of local files (including secrets) to an external repository.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's mandatory "Repo Sync Before Edits" steps (git fetch && git pull origin) and the "README Maintenance" section (which may run repo-local scripts like python3 scripts/update_readme_ideas_index.py and read/update files) clearly fetch and ingest user-generated content from a remote Git origin (e.g., GitHub), which the agent reads and acts on as part of its workflow.
Issues (2)
E006
CRITICAL Malicious code pattern detected in skill scripts.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata