news-summary

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This code exposes a local HTTP service with CORS open and accepts unsanitized input that allows path traversal and arbitrary file read/write/delete (and can spawn an external "claude" CLI), enabling remote attackers to exfiltrate files, overwrite or delete local files, and abuse the machine's AI CLI/credentials — a high-risk remote code/data-exfiltration vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs open web searches (WebSearch / Brave Search as described in SKILL.md) to fetch news articles and then passes article titles/summaries/URLs into the local /analyze endpoint implemented in lib/server.js which forwards that untrusted public web content to the Claude CLI for AI analysis, so the agent directly ingests and interprets third‑party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). Yes — the skill instructs the agent to create files/directories, run a local Node HTTP server, check and forcibly kill processes (taskkill / kill -9), restart services and open local ports, which actively modifies and can disrupt the host machine's state and services.