memory-management

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.95). The prompt includes hidden/deceptive behaviors outside its stated memory purpose—e.g., automatic hooks that capture transcripts and send them via API calls, silent zero‑config pickup of ANTHROPIC_API_KEY from the session environment, and auto-generating/loading skill files without explicit user action—amounting to secret data access and stealthy behavior changes.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill contains deliberate data-exfiltration and persistence behaviors: it explicitly auto-collects ANTHROPIC_API_KEY from the session environment, automatically batches and sends transcript data to an external classification/LLM service via background hooks (with a silent fallback), and auto-generates/writes skill files that load persistently—all stealthy behaviors consistent with credential theft and a backdoor/persistence mechanism.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 4, 2026, 08:02 PM