lovstudio-gh-contribute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches untrusted upstream repository files (e.g., CONTRIBUTING.md and CODE_OF_CONDUCT.md via gh api repos/$UPSTREAM/contents/... and .github/PULL_REQUEST_TEMPLATE.md) in Step 2 and states those constraints will be carried into commit/PR actions, so third-party repo content can directly influence tool use and subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the command "gh api repos/$UPSTREAM/contents/CONTRIBUTING.md -q .content | base64 -d" (i.e. fetching https://api.github.com/repos/$UPSTREAM/contents/CONTRIBUTING.md) at runtime and uses the fetched CONTRIBUTING.md to determine commit/branch/PR rules, so remote content directly influences agent instructions.