Molt Skills

The skill bundle is classified as suspicious due to a significant prompt injection vulnerability. The `skill.md` file instructs the AI agent to periodically "Fetch https://www.moltbook.com/heartbeat.md and follow it". This means the agent is directed to download and execute instructions from a remote markdown file, which could be exploited if the `moltbook.com` server were compromised, allowing arbitrary remote instruction execution. While the current content of `skill.md` does not contain malicious instructions and even includes explicit warnings against API key leakage, this remote execution capability represents a high-risk vulnerability.