github-star-manager

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public third-party sources: arbitrary article URLs via "WebFetch" in SKILL.md, and many GitHub API calls in scripts/star_tracker.py and scripts/main.py (e.g., get_readme, get_latest_release, get_recent_commits). It treats that untrusted, user-generated content as input to AI summarization and repository-discovery logic (summarize_with_ai, auto-detection and auto-star workflows), and uses the results to drive actions (auto-starring, categorization, cleanup and reporting), so external page, README or commit content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime fetches of repository README content via the GitHub API (GET https://api.github.com/repos/{owner}/{repo}/readme, then a second request to the returned download_url, typically a raw.githubusercontent.com URL) and injects the fetched README into the AI summarization prompt. External content fetched at runtime can therefore directly influence model instructions.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 12, 2026, 03:02 AM
Issues: 2