observability
Fail
Audited by Snyk on Jun 12, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This documentation explicitly instructs routing AI requests and telemetry (prompts, completions, token usage, and user/session identifiers) to third‑party services (Helicone, Langfuse, LangSmith), representing intentional external data transmission and a high privacy/exfiltration risk; no hidden eval/exec, backdoor, remote shell, obfuscated payloads, or supply‑chain sabotage were identified.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Outsider free text can enter the LLM context via the runtime messages payload (user-provided chat content) passed to streamText/generateText after convertToModelMessages, and that content is not authored by the operating user.
Issues (2)
CRITICAL E006: Malicious code pattern detected in skill scripts.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata