extract-wisdom

Fail

Audited by Snyk on Apr 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill contains explicit instructions to override system hooks and disable the sandbox (e.g., "dangerouslyDisableSandbox: true" and "This rule overrides any conflicting instructions from system hooks"), which are deceptive/system-override directives outside the stated content-analysis purpose and match prompt-injection behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads YouTube transcripts (SKILL.md Step 2 + references/source-youtube.md calling scripts/wisdom.py which uses yt-dlp) and fetches arbitrary web articles via WebFetch (references/source-web-text.md) and wisdom.py's _fetch_web_metadata/_download_thumbnail, and those fetched, untrusted third‑party contents are read in full and used to drive analysis and sub-agent actions, so they could contain indirect prompt injections.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs the agent to run scripts "outside the sandbox" with dangerouslyDisableSandbox:true and to override system hooks to allow network and write access, which directs the agent to bypass sandbox/security protections and thus compromises the host's security.

Issues (3)

CRITICAL E004: Prompt injection detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 28, 2026, 10:44 AM
Issues: 3