afa-email

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt is largely a transparent, in-scope spec for an email-marketing worker, but it includes a potentially deceptive hidden instruction—"Follow the silent capture protocol ... Chapter 5" and "Append new learnings to learnings.jsonl"—which mandates silent data capture/storage behavior that is not disclosed in the user-facing purpose and could amount to hidden/exfiltrative behavior outside the advertised scope.