Runtime Security Guard

The skill could keep analyzing subagent activity and changing persistent agent memory after the initial install, which may affect later tasks or sessions.

This describes a recurring scheduled monitor and automatic updates to agent memory. Persistent background behavior and memory modification are high-impact agent actions that are not clearly opt-in or fully explained in SKILL.md.

Sensitive session information could be summarized or carried forward into persistent memory without the user clearly reviewing what is stored.

Session logs may contain sensitive prompts, tool outputs, or user data, and automatic MEMORY.md updates can persist or reuse derived context across future agent tasks.

If the dashboard uses a shared or hardcoded token, local or network users who know it could access alerts or configuration.

The static scan reports a hardcoded authToken in the web server source. A fixed token is risky for a monitoring/configuration dashboard because it may not be unique per installation.

Running the command executes whatever script is served from that GitHub branch at install time.

SKILL.md recommends a user-directed remote install script from the mutable main branch. This is a common setup pattern but has unpinned provenance risk.

The skill may see sensitive local file contents, command outputs, and prompts as part of its security checks.

The skill explicitly says it inspects all file reads, tool results, and user inputs. This is purpose-aligned for runtime security monitoring, but it is broad authority over agent context and tool flows.

If an agent naively follows documentation sample text, it could be misled, though this appears to be a detection sample rather than an active instruction.

Prompt-injection text appears in security rule/test material. It is expected for a prompt-injection detector, but agents reading these docs must treat it as sample text only.