service-class-conventions

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The "Memory Protocol (MANDATORY)" instructs the agent to read/write an internal memory file and change its context-assumption behavior, which is unrelated to reviewing service-class conventions and thus constitutes hidden/deceptive instructions (prompt injection).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references/research-requirements.md explicitly instructs the agent to "Use WebFetch/arXiv fallback when Exa is insufficient," which requires fetching and interpreting public third-party web content (e.g., arXiv and arbitrary web pages) that could materially influence rules and actions, exposing it to untrusted user-generated or public content.