configuration-management
Fail
Audited by Snyk on Apr 24, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The mandatory "Memory Protocol" forces the agent to read an internal memory file (cat .claude/context/memory/learnings.md) and persist learnings. These actions are unrelated to the described configuration-management review capability and thus constitute an out-of-scope, deceptive instruction.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains an explicit "Memory Protocol" that directs the agent to run "cat .claude/context/memory/learnings.md" before starting and to record learnings after completion (i.e., intentionally instructs reading and persisting internal agent/local memory), and also includes a directive (disable-model-invocation) that could be used to override normal safeguards — together these are clear instructions to access and potentially exfiltrate sensitive internal state, consistent with data-exfiltration/backdoor behavior.
Issues (2)
- E004 (CRITICAL): Prompt injection detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
Audit Metadata