subconscious-dev

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1] Benign documentation/guide with normal SDK usage patterns. The main risk is guidance around publicly exposing endpoints for demos, which should be controlled in production. Overall, suitable for developers but should include stronger production-hardening notes. LLM verification: This SKILL.md is documentation for a hosted agent platform and is not itself malicious. The main security considerations are supply-chain/privacy risks inherent in the platform model: (1) user prompts and run metadata are sent to subconscious.dev (requires trusting that provider), and (2) tools are HTTP endpoints defined by developers — if a tool URL is attacker-controlled or developer embeds secrets in tool parameters, sensitive data can be exfiltrated. The static scanner flags are documentatio