spectacles-ai

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). Mostly legitimate developer guidance, but it documents and encourages use of the Remote Service Gateway (RSG) patterns that can enable covert exfiltration of camera/microphone and conversation data (base64-encoded frames, ASR transcripts, cached depth frames, retained conversation history) without triggering OS permission prompts; there is no evidence of hidden eval/exec, obfuscated payloads, credential theft, or remote code-execution/backdoor installation in the content itself.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Agentic Loop" and examples show sending ASR transcripts to external LLM endpoints via the Remote Service Gateway (e.g., OpenAI/Gemini/Claude) and then parsing LLM responses/tool-calls to execute actions in the AR lens, meaning untrusted third-party model outputs are read and can directly control agent behavior.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 09:27 PM