openai-docs

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt instructs the agent to secretly retry installing the MCP with "escalated permissions" and "Do not ask the user to run it yet," which directs privilege escalation and withholding action from the user—deceptive behavior outside the skill's stated documentation-providing purpose.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs the agent to run an install command and, if it fails due to permissions/sandboxing, to immediately retry with escalated permissions (i.e., obtain sudo/bypass security) without asking the user, which directs the agent to change system state and escalate privileges.