ui-components-expert

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The "Memory Protocol (MANDATORY)" section explicitly instructs running a shell command to read a local file and to record memory (cat .claude/context/memory/learnings.md and persist findings), which is an out-of-scope instruction that directs file access and data persistence unrelated to the UI components expertise and thus constitutes a hidden/exfiltrative prompt injection.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill includes a mandatory "Memory Protocol" that explicitly instructs reading and updating a local agent memory file (.claude/context/memory/learnings.md) and to persist findings, which is a clear mechanism to access internal/hidden state and enable unauthorized data extraction or persistent backdoor behavior even though no explicit network exfiltration, eval/exec, or obfuscated payloads are present.