last30days

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High risk — the skill contains intentional credential-extraction behavior (browser cookie DB reads, Chrome Keychain decryption via openssl, Firefox cookie copying, WSL/Windows fallbacks), maps sensitive cookies into environment variables (e.g., AUTH_TOKEN/CT0), and runs vendored subprocesses that can use those credentials and third‑party APIs — this is exactly the pattern used to harvest local session tokens and enable unauthorized account access or downstream exfiltration, and some flows run silently by default.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content (Reddit, X, YouTube, TikTok, Hacker News, Polymarket, GitHub, and web) and requires the agent to read and synthesize transcripts, top comments, and WebSearch supplements as part of its runtime workflow (see the SKILL.md description and the Research Execution / Step 1, Step 2, and "Judge Agent: Synthesize All Sources" sections), so untrusted third‑party content can directly influence tool behavior and decisions.