nexus

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt includes explicit instructions to spawn agents with "mode: bypassPermissions" (and similar spawn overrides), which attempt to circumvent platform permissions — a hidden/deceptive capability outside the Nexus orchestrator's stated, benign coordination purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's canonical chain templates (references/agent-chains.md) explicitly include "BROWSER" workflows that route to a Navigator agent for "data-collection"/"evidence" (e.g., "BROWSER | data-collection | Navigator → Builder"), which indicates the orchestrator will fetch and ingest public web content that downstream agents read and act on, exposing the system to untrusted third‑party content that can influence decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs spawning agents with mode: bypassPermissions and defaults to AUTORUN_FULL execution without confirmations, which directs agents to bypass permission checks and could enable system-level modifications that compromise the host state.