project-archive-done

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly fetches GitHub Project items using the gh project item-list command (SKILL.md Step 2) and then reads/filters user-generated Status/item data and uses those results to decide and perform archive actions, so untrusted third‑party content from GitHub projects can materially influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill mainly performs remote GitHub operations (no sudo, no system file edits, no user creation) but explicitly recommends using GIT_SSL_NO_VERIFY=1 in sandbox, which instructs bypassing TLS verification and thus encourages a security bypass.