bounty-hunter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/scan.sh) explicitly clone arbitrary GitHub repositories supplied as and run Slither on that untrusted, user-controlled code, and the workflow/scripts (SKILL.md and scripts/triage.sh) instruct the agent to read/interact with Slither-flagged code and feed findings into a local LLM for triage, so third-party content can influence analysis and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts/scan.sh clones and uses the user-supplied Git repository URL at runtime (git clone "$REPO_URL") and then runs dependency installers (npm install, pip3 install -r requirements.txt), which can execute remote code from that repo — flagged URL: the git repo URL passed to scripts/scan.sh (e.g., https://github.com/... or git@github.com:org/repo.git).