taint-instrumentation-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to "Pull the language-specific source/sink/sanitizer lists from the CodeGuard rules" (see the Upstream GitHub link to project-codeguard in SKILL.md), which requires ingesting public third-party repository content that will directly shape tool configuration and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of Project CodeGuard rules from https://github.com/cosai-oasis/project-codeguard/tree/main/skills/software-security to obtain the source/sink/sanitizer lists that directly determine the agent's taint-analysis rules and behavior, making this an external resource fetched at runtime that controls the agent's instructions.