workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's codebase-intelligence docs (references/codebase-intelligence.md) instruct the agent to "Fetch once per session using WebFetch or curl" from raw GitHub URLs (e.g., raw.githubusercontent.com/ bntvllnt/codebase-intelligence/.../llms.txt), which the agent is expected to read and use to guide commands and behavior, exposing it to arbitrary public third-party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Codebase Intelligence doc explicitly instructs fetching runtime documentation from https://raw.githubusercontent.com/bntvllnt/codebase-intelligence/main/llms.txt and https://raw.githubusercontent.com/bntvllnt/codebase-intelligence/main/llms-full.txt "before first use" and via curl/WebFetch, meaning external raw GitHub content is pulled at session runtime and used as authoritative guidance for agent prompts/behavior.