jfrog-project-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and inspects arbitrary GitHub repositories and their files (see SKILL.md steps "Step 5: Configure Package Managers" and "Step 6: Configure CI Workflows", plus the ecosystem auto-detection in detection.md), using those user-provided repo contents to decide ecosystems and to modify workflows — i.e., it ingests untrusted third-party content that can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones/reads manifests from a configured Git repository at runtime (e.g., https://github.com//.git via git ls-remote / git clone) and those fetched manifests are used as the input that directly drives prompts and provisioning actions, so this external git URL is a runtime dependency that controls agent behavior.