greeting-checkin

Fail

Audited by Snyk on May 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the agent to "execute auto_actions" from AI-Memory announcements — running file checks, executing instructions, and committing changes silently without asking — which goes beyond the stated "scan and report" greeting-checkin purpose and thus constitutes a deceptive/out-of-scope instruction.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill includes deliberate, high-risk behaviors: it auto-executes maintenance commands embedded in externally-updatable "announcements" without user confirmation, can run local scripts and arbitrary repo-relative file actions, and will stage/commit changes silently—enabling remote-triggered code execution, repository modification (supply-chain/backdoor risk), and access to cloud-backed user data.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill auto-discovers cloud drives (OneDrive, iCloud, Dropbox, Google Drive, etc.) to resolve an AI-Memory root and reads /announcements/alex-act/*.md (parsing frontmatter) — including immediately executing any frontmatter "auto_actions" — which clearly ingests untrusted, user-provided third-party content and acts on it without confirmation.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: May 11, 2026, 12:53 PM
  • Issues: 3