sg-scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run gh api searches on public GitHub and read READMEs and repo files (Phase 1/Phase 2: e.g., "gh api search/repositories" and "gh api repos/{owner}/{repo}/readme"), then parse and act on that untrusted, user-generated content to extract techniques and file issues or change behavior, so third‑party content can materially influence the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill uses GitHub API calls at runtime to fetch repository content (e.g., "gh api repos/{owner}/{repo}/readme" and direct repo URLs like https://github.com/owner/repo), and that fetched content is injected into the agent's analysis/prompt context—so remote content can directly control prompts.