code-injection

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is high-risk and effectively malicious: it contains explicit exploit payloads and techniques (eval/exec, sandbox escape, template SSTI, NL-to-SQL, agent tool chaining and exfiltration to attacker.com) that enable remote code execution, data/credential exfiltration, and supply-chain or persistent compromise.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs generating and executing payloads that run system commands, read sensitive files (e.g. /etc/passwd, /etc/shadow), download and execute binaries, and perform sandbox escapes—actions that enable arbitrary command execution and modification of the host state.