dev-km

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated third-party content (GitHub PR reviews/comments and Jira issues) and the workflow scripts/commands (e.g., assets/commands/pr-review.md, assets/commands/pr-poll.md, and assets/commands/jira.md plus the README/PR auto-respond sections) instruct the agent to read and act on that content (including auto-respond and code changes), so untrusted external inputs can directly influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README/INSTALL instructions instruct users to git clone and install code from https://github.com/goffity/dev-km.git into ~/.claude/skills/dev-km and then run bundled scripts (e.g., scripts/init.sh, install-symlinks.sh, auto-capture/ai-capture scripts), which fetches remote code and executes it as part of setup — giving that external URL the ability to deliver code that will run locally, so it meets the criteria for a runtime-executed external dependency.