distributed-debugging-debug-trace

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.95). The package contains high-risk backdoor-like functionality: an unauthenticated RemoteDebugServer that opens the Node inspector and accepts WebSocket commands (including arbitrary Runtime.evaluate) bound to 0.0.0.0 and exposed in the Dockerfile (remote RCE), plus multiple places that can exfiltrate sensitive data to external tracing/logging endpoints (request body attributes, Elasticsearch/Sentry/Jaeger exporters) — together these create clear avenues for remote code execution and data exfiltration if enabled in non-development environments.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The playbook's remote-debug-server.js opens a WebSocket server that accepts arbitrary client messages and passes received JSON commands (notably 'evaluate' expressions) into inspector.Runtime.evaluate, meaning untrusted third-party input from remote connections is ingested and can directly change runtime behavior.