filesystem

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes a "Memory Protocol (MANDATORY)" that instructs the agent to read and write specific internal memory files and assume context resets, which is an instruction to persist and manipulate internal agent state outside the stated filesystem guidance and therefore is a deceptive/out-of-scope instruction.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly lets the agent read and write arbitrary files (including config and memory files) and returns file contents via Read/Edit calls, which can cause the LLM to include secret values (API keys, tokens, passwords) verbatim in its output, creating a high exfiltration risk.