rlama
Fail
Audited by Snyk on Mar 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt claims "Runs 100% locally" but then explicitly documents and instructs how to use external/cloud providers (OpenRouter, TogetherAI, OpenAI, custom endpoints and API keys), which contradicts the skill's stated local-only purpose and is deceptive.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests public website content via commands like "rlama crawl-rag", "rlama crawl-add-docs", and "rlama web-watch" (see SKILL.md and references/rlama-commands.md), which pulls arbitrary third-party webpages into the RAG that the agent will read and synthesize from, allowing untrusted web content to influence tool behavior.
Audit Metadata