procedure-extractor

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes an explicit agent template field mode: "bypassPermissions" that instructs agents to override/ignore permission controls—an instruction unrelated to extracting procedures and therefore a hidden/deceptive directive outside the skill's stated purpose.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill template explicitly sets an agent mode "bypassPermissions" (and instructs background/parallel execution), which directs the agent to bypass security/permission controls and therefore encourages compromising the host's security—even though it doesn't explicitly run sudo or create users.