live-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs checking and reading GitHub issues via "gh issue list --state open ..." in references/issue-management.md, which ingests user-generated, public issue content that the agent uses to decide whether to file or modify issues, so untrusted third-party content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs git pull origin main at runtime, which fetches code from the configured remote "origin" (e.g., git@github.com:org/repo.git or https://github.com/... ) and that fetched repository code is subsequently built/run (cargo run), meaning remote content could execute during testing.