ship

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes explicit, out-of-scope instructions that override safety controls—e.g., invoking Codex with --dangerously-bypass-approvals-and-sandbox and spawning subagents with mode=bypassPermissions—which amount to deceptive/unsafe overrides outside the advertised shipping workflow.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The workflow intentionally includes multiple guardrail‑bypassing controls (agent "bypassPermissions", background persistent subagents, and an explicit codex flag "--dangerously-bypass-approvals-and-sandbox") that enable unsandboxed remote code execution, elevated agent privileges, and unattended code modification—creating high-risk vectors for backdoors, supply‑chain tampering, and exfiltration even though no explicit exfiltration command is present.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs spawning subagents with "bypassPermissions" and runs Codex with the flag "--dangerously-bypass-approvals-and-sandbox", i.e. it directs bypassing sandbox/approval/security mechanisms, which encourages compromising the host's security posture.