write-agent

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill content includes explicit, repeatable techniques to bypass guardrails (env -u unsetting, --dangerously-skip-permissions, --allowedTools, permissionMode bypasses), spawn nested subprocesses that can run arbitrary shell commands and write/read filesystem artifacts, and auto-approve powerful tools — these patterns provide a clear avenue for remote code execution, unauthorized actions, and data exfiltration if abused, so the material is high-risk even if presented for legitimate automation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs using a subprocess invocation pattern that "bypasses the nesting guard" and to set --dangerously-skip-permissions, which is direct guidance to bypass permission/security checks and thus encourages compromising the host state.