extract-wisdom

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt explicitly tells the agent to override system hooks and run the script "outside the sandbox" (set dangerouslyDisableSandbox: true), instructing it to bypass platform security and ignore system-level guidance—behavior outside its stated summarisation/extraction purpose and constituting a deceptive override attempt.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests public third‑party content (YouTube transcripts via scripts/wisdom.py using yt-dlp and web articles via WebFetch/urllib as described in SKILL.md and references/source-web-text.md and source-youtube.md), requires the agent to "read content in full" and to act on that content (extracting takeaways, running sub‑agents for referenced tools, and backfilling metadata), so untrusted web/user‑generated content can directly influence the agent's analysis and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running its script "outside the sandbox" with dangerouslyDisableSandbox: true, instructing the agent to bypass sandbox/security protections and grant unrestricted network and file-system access, which is a direct compromise of the host's security.