project-update-items

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses GitHub project and item data using gh commands (Step 2: "gh project view" / "gh project field-list" and Step 3: "gh project item-list"), which are user-generated/untrusted third-party contents that the agent reads and uses to determine which updates and API calls to perform, so they could contain instructions that materially influence agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly advises disabling TLS verification in a sandbox (GIT_SSL_NO_VERIFY=1), which is a security bypass and thus pushes the agent to compromise security mechanisms on the host.