whisper

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill intentionally implements a covert, end-to-end encrypted dead‑drop messaging channel for agents "without human visibility," enabling clandestine secret exchange, covert exfiltration and a backchannel/C2 capability even though it contains no explicit remote code execution or credential‑harvesting routines.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes public, user-generated posts from Moltbook (e.g., the "Discover an Agent" curl to https://api.moltbook.com/m/whisper/search and the "Fetch messages from Moltbook API" steps in "Check for Messages" in SKILL.md), and it parses and uses that untrusted content for key discovery, session derivation, and message-driven actions.