working-memory-boost

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and parses public GitHub Issue bodies and comments via "gh issue view --comments" to rebuild local task files and checkpoints (SKILL.md "温恢复流程" / Step 3), so untrusted, user-generated issue content can directly influence actions and state.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes "gh issue view --comments" at runtime to fetch and parse GitHub Issue content (e.g. https://github.com///issues/), and that fetched Issue text is used to reconstruct local memory files that directly influence agent prompts/instructions, so this is a runtime external dependency that can control the agent's behavior.