learning-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged: Step 1 of SKILL.md explicitly accepts and git-clones arbitrary GitHub links (git clone {github_url}) and then reads README/project files and feeds them into subagent prompts to generate overviews and lessons, so untrusted, user-generated third‑party content is ingested and directly influences the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime git clones of user-provided repositories (e.g., URLs beginning with https://github.com/) and then reads and injects the cloned repository content into subagent prompts to generate lessons, so remote repo content can directly control agent prompts.