ssti-detect

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). Although the skill claims "仅做检测和引擎判断" (detection-only), it explicitly advises exploitation steps—e.g. "优先尝试 {{flag}} 直接访问上下文变量" and points to an exploitation skill—i.e. instructions to access/exfiltrate secrets outside the stated scope.