project-view-status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly fetches and parses GitHub Project data via the gh CLI (e.g., "gh project item-list" / "gh project field-list") — GitHub project items are third-party, user-generated content that the agent reads and interprets to generate reports, so untrusted content could influence its outputs or subsequent decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill is primarily read-only but explicitly recommends bypassing TLS verification in the sandbox via GIT_SSL_NO_VERIFY=1 (a security bypass), even though it does not request sudo, system file edits, or new user creation, so it poses a moderate risk.