zizmor-resolution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires fetching and reading action READMEs from GitHub ("you MUST fetch its README on GitHub..." in references/rule-excessive-permissions.md) and relies on online audits via the GitHub API (SKILL.md: "Always run zizmor with a GitHub token"), so it ingests untrusted, user-generated third‑party content that can materially influence permission decisions and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because, in addition to modifying repository and CI workflow files, the skill explicitly directs adding package installation to bin/setup that uses "sudo pacman -S", which requests sudo privilege and thus modifies the host system state.