add-lang

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow’s Step 7/8 uses gh search repos and then bench.sh clones public GitHub repos and indexes their source files; those outsider-authored repository contents are read by CodeGraph and become LLM-readable text in the agent-eval/benchmark context (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and using remote parser WASMs at runtime (e.g. "npm pack @tree-sitter-grammars/tree-sitter-" — which pulls from the npm registry like https://registry.npmjs.org/@tree-sitter-grammars/tree-sitter- — and/or running "npx tree-sitter build --wasm"), and those fetched artifacts (WASM or npx-downloaded tooling) are executed as part of extraction and are required to proceed, so this is a runtime external dependency that executes remote code.