git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets CI run data and logs from third-party providers (references/workflows/ci.md Step 2–3: using gh run list, glab ci list, gh run view --log-failed, glab ci trace) and the commit workflow (references/workflows/commit.md Step 5) then uses those logs to decide fixes, commits, and pushes, so untrusted, user-generated CI output can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes an npm package at runtime via commands like "npx @codevoyant/agent-kit" (e.g., npx @codevoyant/agent-kit ci detect and task-runner calls), which fetches and executes remote package code that the workflows rely on, so this is a required runtime external dependency that executes remote code.