project-add-items

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses content from URLs (Step 1: "URL（GitHub Issue 一覧、Wiki ページ等）") — i.e., public GitHub issues/wiki pages — and the agent is expected to read and interpret that untrusted, user-generated content to extract fields that directly drive creation and editing actions in the project, enabling indirect prompt-injection risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill does not request sudo or create/modify system files, but it explicitly recommends bypassing TLS verification (GIT_SSL_NO_VERIFY=1) in a sandbox, which is a security bypass that compromises machine/network security.