archon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's example workflow (examples/dag-workflow.yaml / SKILL.md Running Workflows) explicitly runs a bash node fetch-issue that calls gh issue view ... to ingest GitHub issue content and then feeds $fetch-issue.output into the classify prompt/node to drive branching and subsequent actions, meaning untrusted, user-generated GitHub content is read and can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup instructions run a remote installer at runtime (curl -fsSL https://bun.sh/install | bash and the Windows equivalent irm bun.sh/install.ps1 | iex), which fetches and directly executes remote code required to install Bun for the CLI.