story

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes an explicit command that retrieves and writes a GitHub auth token into ~/.git-credentials (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" > ~/.git-credentials), which is an instruction to access/store/exfiltrate secret credentials that is not necessary to the advertised story-building behavior and is therefore a hidden/deceptive instruction.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs creating and pushing with a command that embeds a GitHub auth token into a URL/credentials file (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" ...), which directs handling/exposure of a secret in command output/files and therefore risks the agent needing to output or include the secret verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes an explicit, deliberate credential-capture step (using gh auth token and writing the token into ~/.git-credentials via git config --global credential.helper store && echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" > ~/.git-credentials) which constitutes credential theft / risky exfiltration behavior and thus is high-risk malicious activity.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs the agent to modify persistent user configuration and store Git credentials (echo into ~/.git-credentials and run git config --global) and to push to a remote, which changes machine state and can exfiltrate secrets, so it should be flagged.