lovstudio-proposal

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill embeds an encrypted payload and instructs the agent to run an external CLI to decrypt and then "follow [the decrypted SKILL.md] to the letter," which are hidden, runtime instructions that override the visible skill behavior and lie outside the stated proposal-generation purpose.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill deliberately hides its real instructions in an encrypted payload and requires running a remote decryption helper and dynamic package installs (uvx CLI / npx), which is an intentional obfuscation pattern that enables hidden/remote code execution and creates supply‑chain and possible data‑exfiltration risks.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "uvx lovstudio-skill-helper decrypt proposal", which the SKILL.md explicitly says performs an HTTP round-trip to fetch/decrypt the actual instructions (remote content that directly controls agent prompts) and may also install the lovstudio/skills package via npx (e.g., https://lovstudio.ai / lovstudio/skills), so the decrypted remote content is a runtime dependency that controls the agent.