tall-stack-general

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill includes a "Memory Protocol (MANDATORY)" that explicitly instructs the agent to read an internal memory file and persist new patterns/assumptions — behavior unrelated to TALL stack code review and effectively directs access/persistence of internal agent state, which is a hidden/exfiltration-style instruction outside the skill's stated purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references/research-requirements.md explicitly directs the agent to "Use WebFetch/arXiv fallback when Exa is insufficient," which requires fetching and ingesting public web/arXiv content that can be read and used to shape rules/hooks/workflows, exposing the agent to untrusted third-party content.