write-a-prd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs GitHub CLI/API commands at runtime (e.g., gh api repos/{owner}/{repo}/milestones, gh issue list --label research --search ..., and gh issue view <spike-issue-number>) and instructs the agent to read and incorporate the fetched issue/archive bodies into the PRD, which means external content fetched from GitHub is used to directly control the agent's prompts/output.