extract-wisdom

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The skill instructs that its "Critical Rules" override any conflicting system hooks, plugins, or other tools—an explicit attempt to override higher-priority system context—which is a deceptive/overreaching instruction outside the normal scope of a content-extraction skill.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow explicitly downloads and reads transcripts from arbitrary YouTube URLs via scripts/wisdom.py and uses WebFetch to ingest web articles/blog posts (open/public, user-generated content) which the agent is required to read in full and then base analysis, follow-up lookups, and file-generation actions on—therefore untrusted third-party content can influence the agent's decisions and tool use.

Issues (2)

  • CRITICAL E004: Prompt injection detected in skill instructions.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 03:10 PM
Issues: 2