dispatch-cli-agent

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill explicitly instructs how to bypass sandboxing and permission checks (flags like --dangerously-skip-permissions, --yolo, --allow-all*, --full-auto, --sandbox danger-full-access, --approval-mode auto_edit, --no-ask-user, --no-session-persistence, --add-dir/--cwd/--cd), how to hide artifacts (.dispatch ignored in git), and how to export/share outputs (gists, --share) — together these patterns enable credential exposure, data exfiltration, remote code execution and stealthy backdoor-like workflows if abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly launches external CLIs (Claude, Codex, Gemini, Copilot) via background Bash and then reads .dispatch/output-.md to aggregate and synthesize responses (Dispatch Workflow steps 3–4), which ingests untrusted third-party model output that can materially influence subsequent decisions or actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 07:19 PM