visual-and-observational-rules

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The mandatory "Memory Protocol" contains out-of-scope directives (e.g., running "cat .claude/context/memory/learnings.md" and "ASSUME INTERRUPTION") that attempt to access local agent memory and change agent behavior, which is deceptive relative to the skill's visual/code-review purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's references/research-requirements.md explicitly directs the agent to use WebFetch/arXiv as a fallback ("Use WebFetch/arXiv fallback when Exa is insufficient"), which requires fetching and interpreting open/public web content that could be untrusted and influence subsequent rules/mappings.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 02:06 PM