cpp

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The "Memory Protocol (MANDATORY)" instructs the agent to run a local shell command to read and record persistent memory files and alter its memory behavior, which is an operational instruction unrelated to C++ coding guidance and therefore a hidden/out-of-scope prompt injection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references/research-requirements.md explicitly directs the agent to "Use Exa first" and "Use WebFetch/arXiv fallback," which instructs fetching and interpreting open/public web/arXiv content that can alter rules/workflows and thus enable indirect prompt injection.