get-started

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The "Share" step instructs pushing to GitHub and running with "gitagent run -r https://github.com/you/my-agent", which causes the agent to fetch and execute content from a public, user-controlled repository (untrusted third-party content) that can materially influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The command gitagent run -r https://github.com/you/my-agent fetches a remote GitHub repository at runtime and loads that repository's agent files (e.g., agent.yaml, SOUL.md), which directly control the agent's prompts/behavior and can cause execution of code defined in the repo.