text2agent

Fail

Audited by Snyk on Mar 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). High-risk: the skill prescribes automatic execution of arbitrary Python modules (python -m) and iterative pip installs based on ModuleNotFoundError, writes and registers new agent code to the local filesystem, and reads user-local SKILL files—collectively enabling remote code execution, supply-chain installation of malicious packages, credential exposure or exfiltration, and persistent backdoors.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to discover and read user-uploaded SKILL.md files via CAST_SEARCH.glob_search/read_file on SKILLS_PATH (e.g., ~/.aworld/SKILLS/) and to extract/fuse their system prompts and tool configs (Step 2), so untrusted third-party content can directly influence agent behavior and tool use.

Issues (2)

  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 28, 2026, 05:57 AM
Issues: 2