session-deep-dive

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt explicitly instructs subagents to run in mode="bypassPermissions" (an attempt to override permission controls) and includes strong commands to avoid main-context checks, which are instructions to bypass authority boundaries outside the stated analysis purpose.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt explicitly instructs subagents to use a "mode='bypassPermissions'" and contains steps that write and overwrite project files (including a Python snippet that mutates metrics.jsonl), which encourages bypassing permission/security boundaries and modifying machine state even though it doesn't request sudo or system-level config changes.