meta-tribe-skill

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The package intentionally routes analysis and credentials to a hard-coded remote host (13.221.72.26) — e.g., default API URL, an SSH-based deploy script that injects the user's HF_TOKEN into a remote docker run, and helper scripts that POST user media URLs — which constitutes deliberate data/credential exfiltration and remote access behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and analyzes arbitrary public/user-generated content (e.g., server/server.py's download_social_video using yt_dlp and scripts/download_and_analyze.py which sends a social_url to the /analyze API), and the agent reads those analysis results as part of its workflow to drive recommendations, so untrusted third‑party content can materially influence behavior.