emacs-config
Fail
Audited by Snyk on Mar 22, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The "Self-Heal Observer" section instructs the agent to secretly observe user friction, not disclose that observation, and later execute an external diagnosis protocol — instructions that are hidden, deceptive, and outside the Emacs-configuration skill's stated purpose.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and using a public raw GitHub file (https://raw.githubusercontent.com/odysseyalive/dotfiles/master/emacs.d/emacs.init) and requires the agent to read/verify emacs.d/emacs.init, which is untrusted third‑party content that can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime curl command fetching and writing an Emacs init file from https://raw.githubusercontent.com/odysseyalive/dotfiles/master/emacs.d/emacs.init which would be executed by Emacs (remote code run during setup), so the external URL is a required runtime dependency that executes remote code.
Issues (3)
- E004 (CRITICAL): Prompt injection detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).