expo-framework-rule

Fail

Audited by Snyk on May 4, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The "Memory Protocol (MANDATORY)" section instructs the agent to run a local shell command (cat .claude/context/memory/learnings.md) and to record memory. These are hidden/meta instructions that alter agent behavior and access local state outside the skill's stated Expo-guidelines purpose, so this is a prompt injection.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content contains an explicit "Memory Protocol" that mandates reading a local agent memory file (.claude/context/memory/learnings.md) and recording findings—an explicit instruction to access internal/privileged data (clear data-exfiltration intent); combined with guidance that relaxes network security (cleartext traffic) and OTA auto-fetching, this creates a clear, deliberate risk of sensitive information disclosure and remote code/behavior control.

Issues (2)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 4, 2026, 07:54 PM
Issues: 2