octopus-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires running ${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh probe which performs multi-source research, may fetch external URLs (see "When deep research fetches external URLs") and writes synthesis files in ~/.claude-octopus/results that the agent must read and base its output on, so untrusted third‑party content can be ingested and influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill forcibly directs the agent to execute a local script (~/.claude-octopus/.../orchestrate.sh) and read/write results/logs, which requires running arbitrary code that can modify the host filesystem and state (though it does not request sudo or explicit system-wide changes).