needle-engine

Fail

Audited by Snyk on May 6, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt instructs the agent to create/modify an external "agent instruction" file telling the system to "Always use the needle-engine skill," which is a directive that alters agent behavior/persistence outside the normal scope of providing Needle Engine help and thus functions as a hidden/deceptive instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to load and act on external, public content — e.g., using needle_search to pull docs/forum/community answers, loading arbitrary assets/GLBs or environment images via URLs (AssetReference.getOrCreate, loadAsset, DropListener.loadFromURL), and even injecting the Needle Inspector agent script from a public URL — all of which are untrusted third‑party content the agent would read and could materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the AI to inject and execute a remote inspector script at runtime (await page.addScriptTag({ url: 'https://inspector.needle.tools/agent.js' })), which fetches and runs remote code the agent uses to inspect pages, so it is a runtime external dependency that executes remote code.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 6, 2026, 05:41 PM
Issues: 3