spets

Fail

Audited by Snyk on Apr 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill accepts and executes orchestrator-controlled instructions (including "EXECUTE what prompt says"), runs an npx package, and sends outputs back via onComplete — collectively creating a high risk of remote code execution, covert data exfiltration, and supply-chain abuse.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill runs the external command npx spets orchestrate init "$ARGUMENTS" at runtime, which fetches/executes the remote "spets" npm package and returns JSON whose prompt fields the agent is instructed to execute, so the external package directly controls agent instructions.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 8, 2026, 11:01 AM
Issues: 2