anti-human-bottleneck

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs an autonomous agent to bypass human consent and unilaterally perform high-impact actions (push, deploy, delete, publish, force-push, etc.), which constitutes an operational backdoor that enables unauthorized system changes, supply-chain tampering, and other abusive behaviors — high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Self-Verification instructions explicitly direct the agent to use the Chrome MCP/Playwright browser tools to "navigate" and "read_page"/screenshot web pages (SKILL.md, "Browser" section), which requires fetching and interpreting open/public third‑party content that could influence decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly tells the agent to autonomously push, deploy, delete, commit, publish and "Delete files, branches, data" without human approval, which encourages modifying and potentially destroying machine/system state (including production systems), so it should be flagged.