polpo-agents

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill exposes high-risk capabilities — notably always-available vault_get and http_fetch combined with shell/file-write tools and persistent agent memory — which create clear, easily-abusable vectors for credential theft and data exfiltration (and enable remote code execution/persistence if an agent is compromised), representing a substantial backdoor/exfiltration risk if misused or misconfigured.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly lists and enables web-access tools (browser_, search_, http_fetch in SKILL.md "Extended Tools") and shows a "researcher" agent with web access in references/patterns.md, allowing the agent to fetch and read open/public web content that can influence its decisions and actions.