warmup-infrastructure

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content describes an infrastructure explicitly designed to automate deceptive "warmup" behavior for TikTok accounts and includes multiple high-risk operational patterns — centralized high-privilege secrets (Supabase service_role, 1Password token, etc.), passwordless/no-auth remote access (x11vnc/noVNC), persistent execution (cron/systemd), and telemetry/exfiltration channels (Telegram/Slack screenshots) — any one of which could be used as a backdoor or for data exfiltration and collectively make the setup high-risk for abuse and compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's cron/agent workflow (cronRef.md) launches a headless Multilogin browser to interact with TikTok and supabaseRef.md explicitly says hashtags/captions are scraped from the DOM to compute "niche_match", so the agent reads and acts on untrusted, user-generated TikTok content as part of its runtime decisions.