uithub-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests arbitrary public GitHub content (repositories, issues, and pull requests) via the uithub CLI when users paste GitHub URLs (see SKILL.md "When to use this skill" and the npx uithub-cli fetch examples), exposing the agent to untrusted, user-generated third-party content that it will read and act on.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx uithub-cli (which downloads and executes remote npm code) and fetches arbitrary GitHub repositories (e.g. https://github.com/owner/repo) at runtime and injects those repository file contents into the agent context to drive prompts/analysis.