sdk-feature-implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to use WebFetch to read "spec URL" links found in Linear issue/project descriptions (Step 2), meaning it will fetch and interpret arbitrary third-party webpages linked from user-provided Linear content which can materially influence subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches external spec URLs at runtime via WebFetch (e.g., arbitrary raw GitHub/pastebin-style spec URLs) and clones remote git repos with commands like "gh repo clone getsentry/" (git@github.com:getsentry/.git), and the fetched spec/repo files (specs, CLAUDE.md/AGENTS.md, reference PR diffs) are read and injected into agent prompts or used to drive implementation, so these remote URLs directly control agent instructions.