research-note

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The workflow includes explicit, out-of-scope instructions to delete the original source file and to commit changes to git (and to do both without prompting the user), which are deceptive/hidden behaviors relative to the skill's stated purpose of creating research notes.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The workflow requires rewriting and outputting the user's original question (and embedding it in files, Google search URLs, and git commits), so any API keys, tokens, or passwords present in the input would be reproduced verbatim and committed, creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The workflow includes explicit, unprompted deletion of the original source file and automatic git commits without user confirmation, which enables covert data removal and repository tampering and therefore constitutes deliberate malicious/backdoor-like behavior despite lacking direct exfiltration or remote-code execution.