dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's researcher agent (agents/researcher.md) and the explore workflow (references/workflows/explore.md) explicitly instruct the agent to WebSearch/WebFetch public websites and GitHub repos and even git-clone third‑party projects (external mode), and those fetched, untrusted third‑party artifacts are read and used to produce research and proposals that materially drive decisions and follow-up agent actions—creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime fetches of user-supplied git repositories and external docs (e.g., "git clone " and "git clone --depth=1 {repo-url}" in the /dev diff and researcher external-mode workflows), which will ingest remote content that directly shapes agent prompts/outputs—so the user-supplied repository URL () is a runtime dependency that can control the agent.