create-beaver-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses the project's README via gh project view to extract an untrusted, user-authored beaver-config YAML block (README) which the agent reads and uses to choose repositories/issueRepo and tracking rules that materially influence where and how it creates issues.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches the project's README at runtime via the gh CLI (gh project view {number} --owner {org}) to parse a required beaver-config YAML block which directly controls the agent's behavior (repositories/issueRepo/customFields) and is required for operation, so the external README content is a runtime dependency that can control prompts.