autonomous-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references explicitly configure MCP servers for GitHub and browser automation (references/mcp-patterns.md and the "verify_feature"/verify_ui examples) and include scripts that call a puppeteer MCP to navigate arbitrary URLs and fetch GitHub issues, meaning the agent will fetch and interpret untrusted public web/user-generated content that can influence its decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs running the agent with "--dangerously-skip-permissions" (bypassing security checks) and directs autonomous, persistent filesystem modification and init scripts, which encourages bypassing protections and potential system compromise.