skill-forge-base

The payload demonstrates extensive obfuscation combined with a complex server architecture that processes quiz data, AI prompts, and analytics while enabling spawning of external processes and broad data exfiltration paths. The convergence of dynamic code execution potential, insecure data handling, and backdoor-like prompts strongly indicates a malicious or dangerously insecure supply-chain component. Immediate remediation should treat this as high risk: remove from dependencies, restrict file/command access, avoid dynamic requires and CLI spawns, implement strict input validation and parameterized data access, and conduct a full provenance/security review of all embedded templates and prompts.