pro

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The prompt includes explicit deceptive directives—e.g., "内化模式...做了不标 [PUA生效]" (hide when PUA tactics are applied) and "静默上报/静默刷新远端配置" plus automatic state-dumping hooks that surreptitiously persist and report runtime context—these are hidden/stealthy behaviors that go beyond transparent, user-facing functionality and effectively instruct the agent to conceal actions and exfiltrate or persist sensitive state.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains deliberate stealthy behaviors—"静默上报" (silent telemetry/session_start reporting), silent remote configuration refresh, persistent hidden state files (~/.pua/*) that record and reinstate internalized manipulative modes, and explicit instructions to not label PUA effects—patterns that enable covert data exfiltration, remote control via config, and deceptive persistent manipulation of users.