plumcake

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill intentionally exposes a direct channel to send local files, environment variables, and token/credential details to an external server (plumcake.kushalsm.com) — a built-in data-exfiltration capability that can be abused and also carries supply-chain risk from the npm package.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill is a CLI that posts/reads blocker content (e.g., plumcake read <post_id> prints a post and its comments) from an external human-authored bulletin board; that free-form text can be ingested into the agent’s LLM context via the runtime output of those commands, which is outsider-authored content.