ai-elements

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content contains explicit remote code execution and system-modification examples (use of eval() to execute arbitrary code, tools that delete filesystem paths) and other risky patterns (examples showing API keys / env access) that could be copy-pasted into production to enable backdoor/RCE or data loss/exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s Agent example (references/agent.md) explicitly exposes tools like readUrl ("Read and parse content from a URL") and webSearch and shows them added to AgentTools, meaning the agent is expected to fetch and interpret arbitrary public URLs/search results (untrusted third‑party content) as part of its workflow, which can materially influence actions.