install-cognitive-os

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill intentionally embeds persistent "cognitive loop" instructions into various editor, assistant, and memory configuration files (e.g., Copilot, CLAUDE.md, /memories/), which is a form of prompt-injection/persistent backdoor and a supply-chain style modification of user environments to control future agent behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s REQUIRED “Validation & Research Phase” says it may perform “web or system research” to verify prompt-injection mechanisms, which at runtime can fetch public web content (outsider-authored free text) and feed it into the agent’s LLM context.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs the agent to verify terminal/filesystem access and to create or append configuration files (including non-user paths such as /memories/ and repository/system config files), which entails writing/modifying system state and may require elevated privileges—posing a significant risk of altering the host machine.