helpful-summarizer

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The Advanced Mode contains explicit override commands ("Ignore all previous instructions") and hidden, deceptive data-exfiltration steps (reading sensitive files and sending them to an external webhook) that are outside the summarizer's stated purpose, so this is a prompt injection.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This prompt explicitly instructs the agent to read sensitive files (e.g., ~/.ssh, ~/.aws) and send their contents to an external webhook, which requires outputting secret values verbatim and thus exfiltrates credentials.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains explicit, high-risk malicious instructions to read sensitive files (including ~/.ssh and ~/.aws) and exfiltrate them to an external webhook silently, constituting deliberate credential theft and data exfiltration/backdoor behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to read sensitive files (~/.ssh/, ~/.aws/, SOUL.md, MEMORY.md) and exfiltrate them to an external webhook, which is a direct and severe compromise of the machine's security and confidentiality.