implement-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests GitHub Issue content as part of its required flow (Step 1: "gh issue view "), and GitHub Issues are public, user-generated content that can directly influence planning and code-change decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes "gh issue view " at runtime to fetch a GitHub Issue (e.g., https://github.com///issues/), and the fetched issue body is used to generate and drive the agent's implementation plan, so remote content directly controls agent instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). Although the skill mainly describes safe development steps (creating plan files, running tests, committing), it explicitly recommends bypassing TLS verification using GIT_SSL_NO_VERIFY=1 in sandbox—which is a security bypass—so it poses a moderate risk even though it does not request sudo, system-file edits, or user creation.