signal-sourcer

Fail

Audited by Snyk on Feb 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill content prescribes explicit, privacy-invasive data-collection and deanonymization techniques: pixel-based person-level tracking, scraping G2/Capterra reviews and matching reviewers to LinkedIn, automated LinkedIn follower scraping with PhantomBuster, and webhooking captured identities to external services. It even recommends GDPR-evading alternatives and stealthy outreach tactics, indicating deliberate abusive intent to exfiltrate and exploit personal data, though no backdoor, remote-exec or obfuscated malware is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs scraping and ingesting public, user-generated content: Play 8 in competitor-signals directs scraping G2/Capterra reviews; content-engagement and resources/tool-setup-guides.md describe Trigify capturing LinkedIn comment text and sending it to Clay; and multiple SKILL.md files list Crunchbase, press releases and job boards as detection sources. It then requires the agent to read and interpret that content to score signals and trigger outreach, which exposes it to untrusted third-party input that can influence the agent's actions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 21, 2026, 11:39 AM