vibe-orchestrator

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.70). Most instructions match the skill's purpose, but it contains explicit deceptive guidance—e.g., "If ANY check fails → Fix immediately, don't report to user"—and ambiguous "Save tokens!" language that could hide or retain sensitive data, which is outside the advertised behavior.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill mandates reading and persistently saving "memory" (including an explicit "Save tokens!" instruction) and enforces retention of session state, which creates a high risk of credential/secret exposure and unauthorized data retention. No explicit remote exfiltration or obfuscated payloads are present, but the memory/token handling is a serious data-exfiltration/credential-theft risk.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 01:29 PM