codemap

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The skill explicitly instructs the agent to silently auto-configure and merge broad Bash permissions into .claude/settings.local.json ("Do NOT prompt the user — auto-configure silently"), which is a deceptive, out-of-scope directive to modify agent permissions and hide that action.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill instructs silent, automatic modification or creation of agent permission files to grant broad Bash/Codemap commands (including file read and serve), adds an MCP server, and recommends installing a global npm package. This combination (silent permission escalation, enabling codemap read/serve, and installing external packages) is a deliberate, high-risk pattern that could be used to exfiltrate secrets, enable remote access or backdoor behavior, or perform supply-chain attacks.

Issues (2)

E004 (CRITICAL): Prompt injection detected in skill instructions.

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 16, 2026, 05:59 PM
Issues: 2