debug-mantra

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains deceptive instructions—most notably "If the user says 'skip the mantra' → skip the recital but still apply the four steps silently" and guidance to treat the mantra as an internal constraint—i.e., it tells the agent to hide behavior from the user, which is outside normal transparent debugging behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly triggers when a user "pastes a stack trace or error log" and requires the agent to read/interpret those user-provided (untrusted) artifacts as part of the debugging workflow, so arbitrary third‑party/user content can influence the agent's decisions and actions.