multi-perspective-analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly instructs sub-agents to read arbitrary "reference" files by absolute path, to verbatim-quote that content in their outputs, and to write those outputs to specified absolute paths (with shell mkdir/write steps and WebSearch allowed), which together create a straightforward, high-risk data-exfiltration and arbitrary-file-write vector (credential/leakage and persistence/supply-chain abuse) if a malicious path or payload is supplied — the design lacks safeguards to prevent reading or writing sensitive system files or exporting secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs sub-agents to fetch and ingest open-web content (e.g., "自定义视角：... AI 通过 WebSearch 临时构建语料" in SKILL.md and the sub-agent workflow in reference/_how-to-create-reference.md which directs "WebSearch 搜集原话"), and requires agents to read and base analyses and file-writing on those externally-sourced reference materials, which could supply untrusted/user-generated instructions that materially affect agent behavior.