event-prospecting

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains explicit, non-functional instructions to bypass permission/approval prompts (e.g., “always use full literal path — NOT ~ or $HOME”, batch all writes/searches into single Bash calls) which is a deceptive operational directive outside the stated event-prospecting purpose and aims to evade security controls.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and scrapes arbitrary public event pages and company homepages (Step 3 and Step 5 via node scripts/extract_page.mjs and browse commands) and runs browse cloud searches against public/user-generated sites like LinkedIn, X, GitHub, and podcasts (Step 8), and the agent is required to read and act on that third-party content to score targets and decide follow-up actions.