Nia

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The scripts routinely collect and upload arbitrary local files, manifests, and code (e.g., via folders.sh, advisor.sh, deps.sh upload, contexts.sh, repos.sh, etc.) to an external API (https://apigcp.trynia.ai) using a locally-stored API key, which creates a high risk of sensitive data exfiltration if run without explicit consent or careful filtering; there is no obfuscated/backdoor code or RCE patterns, but the built-in upload/search functionality is a powerful exfiltration vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and indexes arbitrary public third‑party content (e.g., sources.sh index for websites, repos.sh / tracer.sh for GitHub repos, datasets.sh for HuggingFace datasets, papers.sh for arXiv/PDFs, and search.sh web/deep) and the agent reads and uses that content in workflows like search, oracle, and advisor, so it ingests untrusted user-generated/third‑party data.