skill-factory

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The skill embeds a dispatched subagent prompt that explicitly tells the recipient to "take precedence over all skill directives" and "Skip ALL skills," which is an instruction to override higher-level/system context and ignore constraints—a clear prompt-injection attempt outside the stated build-and-ship purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly reads the full spec and injects SPEC_CONTENT verbatim into subagent prompts (codex/gemini) and shell commands, so if the spec contains API keys/secrets they will be sent/output unchanged to external providers — a direct exfiltration risk.