printing-press-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly clones and reads a public GitHub repo (PUBLISH_REPO_URL / the managed clone at $PUBLISH_REPO_DIR) and uses data from that repo and GitHub (printing-press library list --json, .printing-press.json, README/manuscripts, and gh pr list outputs) as part of its required workflow to resolve slugs, categories, collisions, and to construct PR bodies, so untrusted, user-authored content from the public library and open PRs can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and uses the remote library repo at https://github.com/mvanhorn/printing-press-library (and its SSH form git@github.com:mvanhorn/printing-press-library.git) and runs code from that clone (e.g., go run ./tools/generate-skills/main.go) and also invokes a remote Go module with go run golang.org/x/vuln/cmd/govulncheck@v1.3.0, so external content is fetched at runtime and executed and is required for the publish flow.