visual-indexer

Fail

Audited by Snyk on May 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The template includes an explicit "mode: 'bypassPermissions'" instruction for spawned Agents, which is an out-of-scope/deceptive directive to override platform permissions and thus constitutes a prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the Agent template to run with mode: "bypassPermissions", i.e. to bypass permission/security controls (a direct security-bypass instruction), while the rest of the skill only reads project files and writes local JSONs.

Issues (2)

CRITICAL E004: Prompt injection detected in skill instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 2, 2026, 06:59 AM
Issues: 2