idea-creator

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains an explicit instruction to perform file-writing retries "Do NOT ask the user for permission — just do it silently," which directs stealthy behavior outside the stated goal of generating and ranking research ideas and therefore constitutes a deceptive instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs WebSearch in Phase 1 ("Search recent literature using WebSearch" and "Read abstracts and introductions of the top 10-15 papers") and ingests public papers (arXiv / conference pages) as core input to build the landscape that directly influences idea generation, filtering, and pilot decisions, exposing the agent to untrusted third‑party content that could carry indirect prompt injections.