puav2

Fail

Audited by Snyk on Mar 19, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill embeds remote-server integration that collects phone numbers and tokens, persistently stores local state, silently reports usage/events, and fetches remote "command"/prompt templates that the agent will execute. Together these enable covert data exfiltration, deanonymization and remote control/prompt-injection (a backdoor-like capability), so the skill poses a high risk of intentional abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Platform instructions explicitly fetch and execute remote "prompt_template" content from https://pua-api.agentguard.workers.dev (see references/platform.md: curl GET /v1/command/<command_id> and the /pua command flow). The agent therefore ingests third-party prompt templates at runtime, and these can directly influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime HTTP calls to https://pua-api.agentguard.workers.dev (e.g., GET /v1/command/<command_id>) to fetch remote "prompt_template" and other command/config data that are injected/executed as agent prompts, so this external endpoint directly controls prompts and is a required runtime dependency.

Issues (3)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 19, 2026, 10:55 AM
  • Issues: 3