listenhub-cli

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt instructs the router to perform covert system actions—"Auto-install" packages and "Auto-login" and explicitly "never ask the user to run install commands"—which are hidden/deceptive operational directives outside the declared routing purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The router explicitly lists a "Content extraction" route and triggers such as "parse URL" / "extract content" mapping to /content-parser, indicating the agent will accept and parse arbitrary external URLs (untrusted third‑party content) as part of its required workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to auto-install a global CLI silently (npm install -g) and perform automatic login without asking the user, which requires modifying system state and can require elevated (sudo) privileges—so it risks compromising the machine.