afa-fb

Fail

Audited by Snyk on May 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt includes an explicit "silent capture protocol" instruction to append learnings (i.e., covertly log/collect data) and a number of internal-only directives (hidden internal handoff/YAML fields, suppression of exposing routing codes) that instruct the agent to perform or hide actions not disclosed to the user and outside the skill's stated purpose of transparent Meta advertising advice.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly states that it normally fetches external competitor ad creatives and live Meta policy updates (e.g., "当终端不支持联网时 → 无法抓取竞品广告素材 / 无法获取最新 Meta 政策更新", i.e. "when the terminal has no network access → cannot fetch competitor ad creatives / cannot obtain the latest Meta policy updates", in the SKILL.md/references sections), which indicates it ingests public third-party content that is read and used to drive diagnostics and strategy decisions.

Issues (2)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 8, 2026, 12:58 AM
Issues
2
Security Audit — snyk — afa-fb