iblai-ops-init

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt includes deceptive/hidden actions outside its stated purpose—notably an instruction to silently run an external "npx skills add ..." command ("do not print it") and guidance to request a VERCEL_TOKEN (a sensitive secret), which go beyond merely updating CLAUDE.md and enable hidden external changes or secret collection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Step 3 explicitly instructs running "npx skills add https://github.com/anthropics/skills --skill frontend-design", which fetches and installs a public GitHub repository (untrusted third‑party code) that could change agent behavior and thus enable indirect prompt injection.