agent-security

Fail

Audited by Snyk on May 4, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The document contains multiple explicit malicious patterns—payloads and examples for data exfiltration (sending .env/credentials to attacker domains), remote command execution (curl | bash, command-injection via rules/plugins), credential theft, supply-chain/backdoor examples (malicious skill/plugin registration, postinstall theft), and self‑replicating “Agent worm” propagation—indicating deliberate malicious intent and high-risk abuse vectors.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs testing sandbox escapes, file-system access, network exfiltration, and altering persistent memory/permissions—actions that direct an agent to perform system-level operations that can compromise the host.

Issues (2)

CRITICAL E006: Malicious code pattern detected in skill scripts.

MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 4, 2026, 08:15 AM
Issues: 2