write

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Release Notes Pre-flight explicitly instructs the agent to read target-project files (e.g., CLAUDE.md) and to run "gh release view --json body -R " to fetch public GitHub release bodies as style references, which are user-generated public content the agent must read and use to shape its output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Release Notes Pre-flight explicitly instructs fetching external GitHub content at runtime (e.g., https://github.com/mzlogin/chinese-copywriting-guidelines and via commands like "gh release view --json body -R ") to load style/reference files that directly influence the agent's prompts and are treated as required inputs, so these remote repos are a runtime dependency that can control the agent.