run-comprehensive-research

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly instructs agents to use a "bypassPermissions" mode and a fallback chain that directs them to run shell commands (Bash with curl, gh api, Reddit JSON) and to include project context in prompts — a deliberate evasion of tool restrictions that can be abused for data exfiltration, credential harvesting, or remote command execution, so it presents high malicious/abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs researcher agents to fetch and scrape external, user-generated sources (e.g., "Use WebFetch to directly fetch these URLs" in references/mission-prompt-templates.md and the "Community/Forum Research" guidance that names Reddit, GitHub issues, and public forums) and to read and act on those findings as part of the required workflow, thus exposing the agent to untrusted third-party content that could carry indirect prompt injection.