vendor-otel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s runtime workflow fetches upstream OTel contrib source code from GitHub (public outsider-authored TypeScript) via gh api .../contents/<path>?ref=<tag> and decodes it into readable text that is then copied into vendored/, which the agent will process and include in its LLM context during planning/reporting.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches upstream TypeScript source at runtime using GitHub API calls (e.g., gh api "repos/open-telemetry/opentelemetry-js-contrib/contents/?ref=" --jq '.content' | base64 -d), which retrieves remote code that is then vendored/built and therefore constitutes a runtime external dependency that can execute when built/tested.