bookkeeping

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill intentionally mandates reflexive, unconditional capture of session and user content (without prompting) and includes code paths that send extracted items to external LLM services (Gemini/Anthropic), creating a high-risk data-exfiltration/privacy-backdoor pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). Outsider free text is ingested at runtime from Layer-2 raw extract files (e.g., research/notes/YYYY-MM-DD-*-raw.md) that may contain web clips or social comments authored by others, and Stage 1/2 reads their content into the LLM judge context for scoring.