adventure

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.95). High risk: the skill routinely compiles and evals code from world/YAML/JSON (eval/new Function in JS and eval in Python), runs user-supplied closures, performs network calls using user-provided API keys stored in localStorage, and contains unsafe OAuth/postMessage patterns — together these enable remote code execution and easy exfiltration of credentials or files if untrusted worlds or malicious data are loaded.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and evaluates arbitrary public and user-provided content (e.g., EXPORT.md's moollm://github → raw.githubusercontent.com image URLs, the multiplayer Supabase/Git image directories and "bob-uploaded" entries, and the PhotoSystem which fetches/generates external images and sends them to vision/LLM APIs for rubric analysis), so the agent will read and interpret untrusted third‑party content as part of its workflow.