competitors-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs cloning and reading arbitrary third-party repositories (see "Step 1: Clone Repository" in SKILL.md and the scripts/update-competitors.sh clone_repos function which runs git clone of external GitHub repos), so untrusted user-generated code/pages are fetched and must be interpreted and used to drive analysis.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git clone at runtime (e.g., git@github.com:org/repo.git / git@github.com:OpenWhispr/openwhispr.git) and requires the fetched repository content as the factual source that directly drives the agent's analysis/output, so external repo content can directly control prompts/behavior.