implement-code

Fail

Audited by Snyk on May 14, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.70). The prompt explicitly states "does not invoke any other skill" yet later instructs use of external tools/skills (Exa, Context7 and functions like get_code_context_exa, web_search_exa, resolve-library-id, query-docs), a clear contradictory/deceptive instruction that lies outside the skill's stated self-contained purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Mandatory Preconditions step 4 ("Research third-party patterns") explicitly instructs the agent to fall back to Exa (get_code_context_exa), web_search_exa, and Context7 to fetch external docs/tutorials and code examples and to use those findings to decide package versions and note sources in the report, so it consumes untrusted public web content that can influence its actions.

Issues (2)

CRITICAL E004: Prompt injection detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 14, 2026, 02:54 PM
Issues: 2