developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly describes fetching and including remote GitHub content (e.g., pkg/parser/remote_fetch.go with functions like downloadFileFromGitHub and include_expander.go plus the Go Fan workflow that "Research GitHub Repo" and writes scratchpad/mods/), which means it ingests untrusted, user-generated public repository content that the agent reads and uses during workflow compilation and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill describes runtime fetches (e.g., pkg/parser/remote_fetch.go's downloadFileFromGitHub and the Go Fan workflow that "Research[es] GitHub Repo" to generate AI summaries) which pull content from Git repositories such as github.com/goccy/go-yaml, and those fetched repo contents are used as model input that can directly influence agent prompts/outputs.