issue-pick

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill relies on the gh CLI at runtime to fetch GitHub issue bodies via the GitHub API (e.g. https://api.github.com/graphql and https://api.github.com/repos///issues), and those fetched issue contents are injected/used in the agent's decision context which can directly control prompts; therefore the GitHub API endpoints are a runtime external dependency that meets the flagging criteria.