explore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs "If an issue number is given, fetch it with gh issue view $ARGUMENTS and use it as the starting point," meaning the agent will fetch and interpret user-generated GitHub issue content (potentially public/untrusted) that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches a GitHub issue at runtime via gh issue view (e.g. https://github.com///issues/), and that fetched issue content would be injected as the starting prompt and thus can directly control agent instructions.