join-project
Fail
Audited by Snyk on Jun 10, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.80). Although the skill states "Read-only — do not create or modify any wiki file", the Output Report section explicitly instructs creating a draft file and appending entries to index.md and log.md, a contradictory/deceptive instruction that directs writes outside the skill's stated scope.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). Required runtime workflow reads local wiki markdown files (llmwiki/wiki/index.md, llmwiki/wiki/log.md, and selected llmwiki/wiki/concepts/*.md) that are authored by prior contributors to the project (outsider content relative to the operating user), and those markdown bodies are ingested into the agent for synthesis.
Issues (2)
- E004 CRITICAL: Prompt injection detected in skill instructions.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).