pyjail

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs generating and running payloads like cat flag.txt to retrieve "flags" (secret file contents) and therefore encourages the agent to read and output secret values verbatim, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Contains multiple sandbox-escape and dynamic-execution techniques (eval/exec, dynamic imports, subclass globals abuse, obfuscated module names) that enable remote code execution and potential data exfiltration, so it represents a high-risk capability.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly teaches sandbox escape techniques and shows concrete payloads (e.g., import('os').system(...), subclass hacks, breakpoint() -> shell) to run arbitrary OS commands, which bypasses security protections and can compromise the host.